MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f032d97ce00120b8b0ded6cd477afb9e75b4997d9cd2f6ed51d40436cacdb77d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f032d97ce00120b8b0ded6cd477afb9e75b4997d9cd2f6ed51d40436cacdb77d
SHA3-384 hash: 218a1a0eb432b2ca56d824d08019dafc9138f012bda47f92f2d2ba54999968bc6381c720010eb88a3f00a39963fbfc05
SHA1 hash: 67ba3b0973f5b9e813ee6e30ffc5601c6623d1db
MD5 hash: 531cc920f831d198d11b10637b3cf9f2
humanhash: california-crazy-kentucky-lion
File name:Amacon Order Specification Requirement.xz
Download: download sample
Signature Formbook
Create hunting rule
File size:397'855 bytes
First seen:2020-10-27 16:42:24 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 12288:SK/NPFvfMV8AYZpgZrjkTkcRs6Z4944wQXpp3:SK/Ntve8tZpgpkTG6ZI44R73
TLSH FA8423E4E24C9C9592F02DCAC844B2CCE5EBCED7AC37D5903B76CA0226919DD1A840CE
Reporter abuse_ch
Tags:FormBook xz


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: mail0.legislatiq.xyz
Sending IP: 161.35.234.94
From: Amacon Makgoka<amacon.makgoka@hotmail.com>
Subject: RE: 回复: Request for Quotation with reference: BINIF0865
Attachment: Amacon Order Specification Requirement.xz (contains "Amacon Order Specification Requirement.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f032d97ce00120b8b0ded6cd477afb9e75b4997d9cd2f6ed51d40436cacdb77d/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 14:37:19 UTC
AV detection:
8 of 46 (17.39%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6azns7haaeqlrmg623guo6x3tz23jgl5ttjpn3kr2qcdnswnw56q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Formbook
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f032d97ce00120b8b0ded6cd477afb9e75b4997d9cd2f6ed51d40436cacdb77d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

xz f032d97ce00120b8b0ded6cd477afb9e75b4997d9cd2f6ed51d40436cacdb77d

(this sample)

Formbook

Executable exe b868ded573176e58f1d498447a375a73ff901fe072c28af6be9f851f8d0cdacc

  
Dropping
MD5 53f55c9bb0f3aaf5b7ee7f91eee82da8
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b868ded573176e58f1d498447a375a73ff901fe072c28af6be9f851f8d0cdacc

Comments