MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3d00f6b1e78ee064a9d0284a926a86badb7da7f5a082da8dbe905ae32117f07. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f3d00f6b1e78ee064a9d0284a926a86badb7da7f5a082da8dbe905ae32117f07
SHA3-384 hash: 7866cc6dbfc221ac2b9d96a951aab0677c1b0bca21b5b34c162fa3caab047566105f23dc5eca693c57dcdd176d25b6c0
SHA1 hash: 5c75cbe1f2d184aed038cfb1aa9561a0b8687d5f
MD5 hash: 17d1269c9c0e60b60c4a25ba53d28270
humanhash: sixteen-butter-item-seven
File name:SHIPPING DOCUMENT PL.zip
Download: download sample
Signature FormBook
Create hunting rule
File size:315'096 bytes
First seen:2020-05-26 08:14:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:eoCrXFDIcT3KlT8Z5KUXFT5OgDWWTdTdlsR8gghfkf0NIPO/U7GsyP5Shx3qf:eprG72ZDSgDWyqR8gyMsYV/yPgr3i
TLSH 9864228308A0B457F6AEA80905F328668CA6DF47B65DE49A40CD59217E87FD4F2D3337
Reporter abuse_ch
Tags:FormBook zip


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: icefactor.ae
Sending IP: 103.207.38.157
From: Jozef Králik <jozef.kralik@icefactor.ae>
Subject: SHIPPING DOCUMENT & PACKING LIST
Attachment: SHIPPING DOCUMENT PL.zip (contains "SHIPPING DOCUMENT & PL.rar.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.49801.21321.27500.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 21:31:11 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip f3d00f6b1e78ee064a9d0284a926a86badb7da7f5a082da8dbe905ae32117f07

(this sample)

FormBook

Executable exe b801afb5529bee671ee0219b95450122f641260b372695c89d7bdc5c2c227b65

  
Dropping
MD5 62d26e6034ee056e4fcbbf1e6470566a
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b801afb5529bee671ee0219b95450122f641260b372695c89d7bdc5c2c227b65

Comments