MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b0d509eda290b2ea09549a9cc8c1f1f08f267e24906102d792c7041448c4a44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 0b0d509eda290b2ea09549a9cc8c1f1f08f267e24906102d792c7041448c4a44
SHA3-384 hash: f79f51ca61e8d3d7cb7faec5e522d789de553087f1939c9803e0740221191999d91ea363fc5c245a1954e2af48390b7f
SHA1 hash: e39e297dc25c53b534d142c52f34dec75c094603
MD5 hash: 0c7c4fa05537af7e9b3b12d29629a341
humanhash: california-muppet-august-ohio
File name: New Purchase Order.zip
Signature: MassLogger
File size: 575'048 bytes
First seen: 2020-06-03 09:02:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:dfyqy8tSs4j5JWSMNU5pquMytmvBKBZUQd6:L3tEu7U5ou1t9uQd6
TLSH: 9FC423DE26C2535334BBF76E674CE3E0297E8C5C0839C095FEDA74EA4E68B542352852
Reporter: abuse_ch
Tags: MassLogger, zip


abuse_ch
Malspam distributing MassLogger:

HELO: joister.net
Sending IP: 103.2.236.240
From: Mrs. Olivia Freund <Sales@metroco.org>
Reply-To: Sales@metroco.org
Subject: New Purchase Order
Attachment: New Purchase Order.zip (contains "tony.exe")

MassLogger SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Crysan
Status: Malicious
First seen: 2020-06-04 04:29:30 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 0b0d509eda290b2ea09549a9cc8c1f1f08f267e24906102d792c7041448c4a44 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
