MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 179ffdb3b826536f043c5d15d9df4ac5f83b388ccb2c35a548838da257525e00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 179ffdb3b826536f043c5d15d9df4ac5f83b388ccb2c35a548838da257525e00
SHA3-384 hash: ed61f16ed1cc9bc09fc91deea88e8252bde7aeae1fb07485517e555f9ada944d5782ba996849e799cbfa67b730451a67
SHA1 hash: 99064c9aedbf2c45741a70336b9b18ce7eba2307
MD5 hash: 8d33f23468dc46a42a0aee20334a59d6
humanhash: indigo-wolfram-ack-salami
File name: Quotation Lists Al-Majid Clients.pdf - Copy.7z
Signature: MassLogger
File size: 1'041'762 bytes
First seen: 2020-08-16 13:59:36 UTC
Last seen: Never
File type: 7z
MIME type: application/gzip
ssdeep: 24576:o2GvlMT6hc8vXUh9KmDibbckjZyzKnnVsV7d5cUsu6:ojvlMTx8vEh9xk7jSzn5PP6
TLSH: F8253393A73392DAA2F7A9F0D8BE04F3741A710C5F3653498F96531A2643A777B480C5
Reporter: abuse_ch
Tags: 7z Hostwinds MassLogger


abuse_ch
Malspam distributing unidentified malware:

HELO: hwsrv-764555.hostwindsdns.com
Sending IP: 104.168.204.224
From: Mohammed Iliaz <info@kisplilerm.com>
Subject: Reg-DI Pipes test certificates required /DO.No-118
Attachment: Quotation Lists Al-Majid Clients.pdf - Copy.7z (contains "Quotation Lists Al-Majid Clients.pdf - Copy.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.FormBook
Status: Malicious
First seen: 2020-08-16 14:01:05 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

7z 179ffdb3b826536f043c5d15d9df4ac5f83b388ccb2c35a548838da257525e00 (this sample)

  
Delivery method: Distributed via e-mail attachment

Comments