MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb1b8c055fd13baf2aab87a48eaa02515d9a3c3872b6fa18242318785c01a7bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb1b8c055fd13baf2aab87a48eaa02515d9a3c3872b6fa18242318785c01a7bf
SHA3-384 hash: 722cebc81de26901225d902cb1f27aa4c9ac76e84a3f4df74c218fd4d6da6d9b4115ef61381d5c35c8d39a3c1f086f43
SHA1 hash: 2bd8fd6420465fb6e80077d6d1568017f5025182
MD5 hash: 5eec0086a6451037854f228ec2df24f3
humanhash: fifteen-stream-uncle-carpet
File name:23692 ANRITSU PROBE po 29288.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:1'032'659 bytes
First seen:2020-11-19 07:34:43 UTC
Last seen:2020-11-27 10:02:45 UTC
File type: zip
MIME type:application/zip
ssdeep 24576:eIpOkNpCwXKuc/nnMgK3u5v9AtdzDfAISoUQ:eIp5X1quCADn7Soh
TLSH 962523E4E9B0950644CD233A34305BC939A05007DDE66BFD26C67ED97EE211E8B4E3DA
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: gmail.com
Sending IP: 156.96.62.91
From: Entang Hoerudin (Pur-Polymer) <sales@gmail.com>
Reply-To: fortunatodaniel.johndeere@gmail.com
Subject: Re: Fwd: Fwd: Fwd: Fwd: RFQ # 23692 ANRITSU PROBE/ po # 29288
Attachment: 23692 ANRITSU PROBE po 29288.zip (contains "23692 ANRITSU PROBE po 29288.exe")

Intelligence

File Origin
# of uploads :
25
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.9921.18895.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cb1b8c055fd13baf2aab87a48eaa02515d9a3c3872b6fa18242318785c01a7bf/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-19 07:35:04 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zmnyybk72e526kvlq6si5kqckfozupbyok3pugbeemmhqxabu67q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip cb1b8c055fd13baf2aab87a48eaa02515d9a3c3872b6fa18242318785c01a7bf

(this sample)

Formbook

Executable exe cacdf1a59d452cff7cd9278e6aed55047b7867c740b858e41f36538f8ffd2a89

  
Dropping
MD5 6b44978ad0a6d1a02640111ceaebeaad
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cacdf1a59d452cff7cd9278e6aed55047b7867c740b858e41f36538f8ffd2a89

Comments