MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edb122a4fb7c65f88ca6fbc8324901a3635837257e50cb1f7f515d61f4a5d8c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: edb122a4fb7c65f88ca6fbc8324901a3635837257e50cb1f7f515d61f4a5d8c4
SHA3-384 hash: 369cada3a5b5ceda76bc08abfa910303f20be30f6bb53c443a3edb149eac939eb2f4d94f084b6a3878e6adf24dc11a1c
SHA1 hash: d04778d1db11ec022745c802a203ec01eddc6e04
MD5 hash: def50c0b35f0704e06f79467003d7939
humanhash: saturn-saturn-stairway-hotel
File name:Products Sample and Spec. Requirements With Detailed Drawings.rar
Download: download sample
Signature Formbook
Create hunting rule
File size:532'924 bytes
First seen:2020-10-28 08:27:56 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:R0hWvKcgR2yB0CnXrbRBPG6IvdezhB2vYnZQUOfBPK1ShVaQBcYVrvD+c/pHLs9L:R0NRlB0CXri6udezIQSQQLCI49ROW
TLSH 53B423AAF7E477A9E7FE45F9A3DD34867C2D24451EA583F059C822C768C1CBCD2018A4
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: zhongnengcq.cn
Sending IP: 156.96.60.139
From: sales@zhongnengcq.cn
Subject: Complied end of year Order and our current specific price list
Attachment: Products Sample and Spec. Requirements With Detailed Drawings.rar (contains "Quotation.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/edb122a4fb7c65f88ca6fbc8324901a3635837257e50cb1f7f515d61f4a5d8c4/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-28 01:46:46 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5wysfjh3prs7rdfg7pedesibunrvqnzfpzimwh37kfowd5ff3dca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar edb122a4fb7c65f88ca6fbc8324901a3635837257e50cb1f7f515d61f4a5d8c4

(this sample)

Formbook

Executable exe 890a6d5db1a4d100cd3872a878a4f6e80e993efd3c5e36a9452a0434171e9201

  
Dropping
MD5 7fff99a6a0540cbb427a3cd0cf75bfd3
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 890a6d5db1a4d100cd3872a878a4f6e80e993efd3c5e36a9452a0434171e9201

Comments