MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d33da2ec8837b0029a592a5a2a13a749b9ea79a9f407dcc576444de0fa77c29f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: d33da2ec8837b0029a592a5a2a13a749b9ea79a9f407dcc576444de0fa77c29f
SHA3-384 hash: b4d34c5f29e47fbe4354a90469ecce3ce2b658617ae4f26f3087b2ae7e54ed20c1d69b784b5717ffc56e01e629ddba94
SHA1 hash: 7244059574082d9ef8af5e532b9f0dd673d3d504
MD5 hash: 18bb2317a2abe2c9dd61dac04856075a
humanhash: pasta-indigo-jersey-freddie
File name: Purchase_Order_4501470158_request_for_quatation_09488588.zip
Signature: Formbook
File size: 467'870 bytes
First seen: 2021-01-18 07:48:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:nD2n0FZtnDnM4p23/oPygWhLCBpGFHFw7ysbh6Qu/CcQ+B:n6n0FZO4p23QPKCBpLXb2acQ+B
TLSH: 2FA42380EAD5E1A7DB829E27072907ED4D0B514FD16DA0E934754AE64343A3AFB8CC3D
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: hj0.frftru.ml
Sending IP: 159.203.13.43
From: YANIE RIDZWAN <gliwice@sdzlegal.pl>
Reply-To: YANIE RIDZWAN <po1890@shiftmycargo.com>
Subject: Re: Purchase Order# 4501470158
Attachment: Purchase_Order_4501470158_request_for_quatation_09488588.zip (contains "Purchase_Order_4501470158_request_for_quatation_09488588.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 95
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-01-18 07:49:07 UTC
AV detection: 8 of 46 (17.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
zip d33da2ec8837b0029a592a5a2a13a749b9ea79a9f407dcc576444de0fa77c29f (this sample)

Delivery method: Distributed via e-mail attachment
