MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07260bae8062330a1a42e28f0791ef86676000dbc4499d657ba91a662829cce4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 07260bae8062330a1a42e28f0791ef86676000dbc4499d657ba91a662829cce4
SHA3-384 hash: cee08bfe9f187096336d2e688c2a66a90c86644ad9e94d31949c71241ad62169e59b4ecb762fde2799ee8fe5cb654cb9
SHA1 hash: ce439cc106c5deae5de3ebc4a89eb1f1c9c60ee9
MD5 hash: 8e54371b1e0678df3c185c9197a2aaa6
humanhash: hotel-skylark-oven-may
File name:PO ORDER.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:857'396 bytes
First seen:2020-08-14 10:13:18 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:WaRKIpX7vNJXK6SCPQf5XVHNmam37XtDqVLe9aJIsffVqr:AeNhaJ5XVDSda1Jj8r
TLSH 1E05233FF1A0E2C37EC0DBA66BD1FE6C0E5A0C4B64E1E474D8194A85B0B80A53D39579
Reporter abuse_ch
Tags:rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: jax4mhfb02.myregisteredsite.com
Sending IP: 64.69.218.95
From: Muhammad Shafi <osamah@horizons.us.com>
Reply-To: Muhammad Shafi <osamah@horizons.us.com>
Subject: PO order NO : 00181356-1074
Attachment: PO ORDER.rar (contains "PO ORDER.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/07260bae8062330a1a42e28f0791ef86676000dbc4499d657ba91a662829cce4/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 10:15:13 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a4taxluamizqugsc4khqpeppqztwaag3yrez2zl3vengmkbjztsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/07260bae8062330a1a42e28f0791ef86676000dbc4499d657ba91a662829cce4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 07260bae8062330a1a42e28f0791ef86676000dbc4499d657ba91a662829cce4

(this sample)

MassLogger

Executable exe ed23e691927f32d5c2d18f5b763fcc71fa62c6150233b1dbcf967d13521ef8f6

  
Dropping
MD5 a2c75cedd6deb53d4ca5508e87e15eed
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ed23e691927f32d5c2d18f5b763fcc71fa62c6150233b1dbcf967d13521ef8f6

Comments