MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0300f2fe586fba1454d74b56e78a79230a932abf373546b4fc4c1cb3c6aad3fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0300f2fe586fba1454d74b56e78a79230a932abf373546b4fc4c1cb3c6aad3fd
SHA3-384 hash: 7c139250ec050a6ba37bd9b50652e4fead558186e9728d5244b5fd2019afd1f100636eabafc1bd6f4fea957b17cced49
SHA1 hash: c452c6063645d0017f2ebb35ad07453db95e608d
MD5 hash: 39a1475caccba238b959bb5fb0e38c5c
humanhash: music-oven-yankee-high
File name:RFQ-42956H.PDF.z
Download: download sample
Signature MassLogger
Create hunting rule
File size:873'781 bytes
First seen:2020-06-18 15:42:43 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:ua4OftWTo4ROcqFTUTrQQr/HIUfe+mlF14cW0u0+lhItKf5H2GsGMeCixiXO:d9ftf4RO3TOUQrQXnB7SN2wMe0+
TLSH 010523E30DAD6A8A0321912BE77FE8A5F603D9434574797FB22946FD3117E5D10A3A0C
Reporter abuse_ch
Tags:MassLogger z


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: engarude.com
Sending IP: 156.96.59.36
From: Anita Anand<purchase@engarude.com>
Reply-To: Anita Anand<purchase@engarude.com>
Subject: VT GmbH :Request For Quotation
Attachment: RFQ-42956H.PDF.z (contains "RFQ-42956H.PDF.exe")

MassLogger SMTP exfil server:
mail.hospump.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Gathering data
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=amapf7syn65bivgxjnlopctzemfjgkv7g42unnh4jqolhrvk2p6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

z 0300f2fe586fba1454d74b56e78a79230a932abf373546b4fc4c1cb3c6aad3fd

(this sample)

MassLogger

Executable exe cc5b6de547c05bde0f4ebd87736dc83e5bb28d3641e15a3e9e665dc6075bf593

  
Dropping
MD5 a4b5e74408bc35da869b69d739b22585
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cc5b6de547c05bde0f4ebd87736dc83e5bb28d3641e15a3e9e665dc6075bf593

Comments