MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09d673331f29b28df8339e1dde3bd5fd21ad5d6d633f10f0037976c78b847b8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 09d673331f29b28df8339e1dde3bd5fd21ad5d6d633f10f0037976c78b847b8c
SHA3-384 hash: 356ac98c24e30941e8b7588133b6d1130a914a620e7b58ddc877307e67352e67ad1af439418164b67b0c22b6fe196a4d
SHA1 hash: 70e39a736ba39b4eb08d5200575ff380cbce1461
MD5 hash: 5e806db778b06ae942005da1a98901ab
humanhash: music-maryland-ack-diet
File name:PO_PO2542_202008141707.r00
Download: download sample
Signature MassLogger
Create hunting rule
File size:424'474 bytes
First seen:2020-08-14 10:25:04 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:CvfZqce56hOCfqj/I59hr4OFHeqv6ORLlkXZG:sfZqc0VCiAk0h6cyY
TLSH 31942349ED2422F34425B55E97BBDE87FDCC48B79993408917A9B48F0029B7D838F8C9
Reporter abuse_ch
Tags:MassLogger r00


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: IBM.US.COM
Sending IP: 45.11.19.43
From: PDONOTIFICATIONS@IBM.US.COM
Reply-To: PDONOTIFICATIONS@IBM.US.COM
Subject: Purchase Order No.: PO2542
Attachment: PO_PO2542_202008141707.r00 (contains "PO_PO2542_202008141707.exe")

MassLogger SMTP exfil email address:
mail.aydan.com.tr

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/09d673331f29b28df8339e1dde3bd5fd21ad5d6d633f10f0037976c78b847b8c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 10:27:04 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bhlhgmy7fgzi36bttyo54o6v7uq22xlnmm7rb4adpf3mpc4epoga._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/09d673331f29b28df8339e1dde3bd5fd21ad5d6d633f10f0037976c78b847b8c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r00 09d673331f29b28df8339e1dde3bd5fd21ad5d6d633f10f0037976c78b847b8c

(this sample)

MassLogger

Executable exe 434b95216fefcfdef179cbafe780e88243b818bce4ab11b88863bedc4a9cc0d0

  
Dropping
MD5 484cd145d2803a3cb8738849762e380d
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 434b95216fefcfdef179cbafe780e88243b818bce4ab11b88863bedc4a9cc0d0

Comments