MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0e29b3c4611c8be7ef10cd9aa6a373fb4e5c381879555ba3555150cbe1061b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f0e29b3c4611c8be7ef10cd9aa6a373fb4e5c381879555ba3555150cbe1061b6
SHA3-384 hash: a951b05d266a02cb1947568ca6617f0cfea0795d49c62289ee17e38084e09880516bc1af5cade5f5877b67bd59fe44ef
SHA1 hash: 7f3ddfbc37c8729576d4adab28694298eb68e230
MD5 hash: 0ba253964d411261439c1bb80efeaeb5
humanhash: mountain-montana-video-ack
File name:Asia Offshore Services.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:644'074 bytes
First seen:2020-10-22 06:52:35 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:b4MEeo9BdwUxxHAGBH7fYiuBZoMZnNg9t0OPzRuvYOS69XaIVoj+yJWY:b49BdnxxgOYdBZo8G9yO7RFOd9cCAWY
TLSH D8D4330EB7F2786323BC7BA4A405F71FF1BF0A5678985C2A59E0173095EDC61832168E
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: server.blakecorporations.com
Sending IP: 199.250.204.180
From: Petter Nilsen <pn@aosoffshore.com>
Reply-To: contac@tech-center.com
Subject: Asia Offshore Services / Request For Quotation
Attachment: Asia Offshore Services.zip (contains "Asia Offshore Services Pte Ltd.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f0e29b3c4611c8be7ef10cd9aa6a373fb4e5c381879555ba3555150cbe1061b6/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-22 01:59:08 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6drjwpcgchel47xrbtm2u2rxh62olq4bq6kvlorvkukqzpqqmg3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip f0e29b3c4611c8be7ef10cd9aa6a373fb4e5c381879555ba3555150cbe1061b6

(this sample)

Formbook

Executable exe 93924f89733fd4e1534e19d833740a2667ff990ebab775d891b669b5c728014a

  
Dropping
MD5 6cf028560f4ad51014ec31bf758042a8
  
Dropping
Formbook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 93924f89733fd4e1534e19d833740a2667ff990ebab775d891b669b5c728014a

Comments