MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed54a7a6b41f76fbd259be636ad268c4637f4a95e2738b8cf8e7dcba4c38b2a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	ed54a7a6b41f76fbd259be636ad268c4637f4a95e2738b8cf8e7dcba4c38b2a9
SHA3-384 hash:	022c6063ff19456795b7d5b9efa7e98fe2a59d134acca98603746c2e1c88925c5e1d004e608faa6c32d216eea13d7166
SHA1 hash:	e5c33e8bd825307912624a1d605afac9f3499b50
MD5 hash:	c3ff380b54d246b4e49dd521613c422e
humanhash:	north-fanta-golf-black
File name:	SHIPPING_DOC_MV MAERSK HANGZHOU_V.698E_pdf.arj
Download:	download sample
Signature	FormBook Create hunting rule
File size:	412'174 bytes
First seen:	2020-07-21 07:45:49 UTC
Last seen:	2020-08-11 11:38:49 UTC
File type:	arj
MIME type:	application/x-rar
ssdeep	6144:QFKXDKA4o+IsTjZfjz+mFKRq6M6KyCxuKlqjUIgf07xh11e4c7ojEa7/YW:QYzKro7OfffoM6KyUucq4Il1MkjEaN
TLSH	2A94231BB7FA23DCE2AD1E2415BC025D78413538352F5F978EF956A88AAE633BC14C10
Reporter	abuse_ch
Tags:	arj FormBook Maersk

abuse_ch

Malspam distributing FormBook:

HELO: mail.emsbd.com
Sending IP: 202.40.181.229
From: A.P. Moller - Maersk <kevin.chung@maersk.com>
Reply-To: kevin.chung@maersk.com
Subject: RE : RE : URGENT!!! 2 x 40ft - SHIPPING DOC BL,SI,INV#462345 // MV MAERSK HANGZHOU V.698E // CLGQOP181781 //
Attachment: SHIPPING_DOC_MV MAERSK HANGZHOU_V.698E_pdf.arj (contains "SHIPPING_DOC_MV MAERSK HANGZHOU_V.698E_pdf.exe")