MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 deec4106a11fa81a351873db1d654e4ec6673329aba643939e7e0780f1f5d1ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: deec4106a11fa81a351873db1d654e4ec6673329aba643939e7e0780f1f5d1ca
SHA3-384 hash: 27e69f1670425940c74444008fe17475753e55480c9ba2a9ad72030b30ab43667885260d31d708f48987652f153214a5
SHA1 hash: c39b4808b21ac7300f1a19e01fb9b77993bd655c
MD5 hash: b8a4179d3c3bd4c7ca0716234f35ffaf
humanhash: lima-yellow-iowa-leopard
File name:PAY-IN 008CX.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:451'810 bytes
First seen:2021-01-18 08:01:42 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:EUtAf4Mbuoh7+xXe1yIpb/Ma8wq7jrP5H7HxB2KMeAGHI9w:TgueyxOE6zT8t7jrPx32SAGmw
TLSH 46A42313FE21875A90B96036C9032518DCB4AC5DED097EF2DBAE2094C6CA157FF7629C
Reporter abuse_ch
Tags:FormBook rar Yahoo


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: sonic303-20.consmr.mail.sg3.yahoo.com
Sending IP: 106.10.242.37
From: joy sales <salejoy43@yahoo.com.sg>
Subject: : Fwd: Wire Transfer Payment
Attachment: PAY-IN 008CX.rar (contains "7nMMSdGgCXAfKsb.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/deec4106a11fa81a351873db1d654e4ec6673329aba643939e7e0780f1f5d1ca/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 06:49:40 UTC
AV detection:
8 of 46 (17.39%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=33wecbvbd6ubuniyopnr2zkoj3dgomzjvotehe46pydyb4pv2hfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/deec4106a11fa81a351873db1d654e4ec6673329aba643939e7e0780f1f5d1ca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar deec4106a11fa81a351873db1d654e4ec6673329aba643939e7e0780f1f5d1ca

(this sample)

Formbook

Executable exe 65ca40e44ab6171794b0c81d8b80122604eff3aca4614901fcd30db1a5329cfb

  
Dropping
MD5 50439fc35eaebb32f1fdeba8ef12e7c2
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 65ca40e44ab6171794b0c81d8b80122604eff3aca4614901fcd30db1a5329cfb

Comments