MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8f46381380159983f5e68104d6d158ae834be5786f3abbb6cff74f79a377714. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: d8f46381380159983f5e68104d6d158ae834be5786f3abbb6cff74f79a377714
SHA3-384 hash: 3cb9041320fc72eb6be807a9b06b383a10edc13c4c5ab5c89dd0ca245cbf9feaed6f41fdb16f244ff067d988b2155fda
SHA1 hash: cdaf94ce64a3ee69e7c3d48b07681c1c35772732
MD5 hash: a1af6e1e7e70e2d2571c21d7c21b9c53
humanhash: early-oranges-friend-thirteen
File name: Packing list • Invoice • Country of origin.zip
Signature: Formbook
File size: 252'242 bytes
First seen: 2021-01-15 07:09:03 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:YUyEAeXOx/44eZ3cmkAPeSth5kZpd+xKtvaEZx:YWXO544enkCOZpd3Mix
TLSH: 6A342393316A45D1ED146226B6BFEF6C05852EF7C50BB460043E1E19EBAC4A1F38F749
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: relay3.redynet.com.ar
Sending IP: 200.107.202.26
From: Alan Li <alanli@haitai.com>
Subject: Re: Shipping Documents – Packing List & Commercial Invoice
Attachment: Packing list • Invoice • Country of origin.zip (contains "Packing list • Invoice • Country of origin.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 134
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-01-15 07:09:09 UTC
AV detection: 12 of 46 (26.09%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip d8f46381380159983f5e68104d6d158ae834be5786f3abbb6cff74f79a377714 (this sample)

Delivery method: Distributed via e-mail attachment

Comments