MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c48309e22660ecc6a6acd9c48716601529666efb793386a14a35241da8e332d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c48309e22660ecc6a6acd9c48716601529666efb793386a14a35241da8e332d
SHA3-384 hash: ad386dbbf0a7f92f800e91fc7921580111e89a84643be6d6805074ae7f830cb1a03603cc831c5c365de6cd2693d8ffd6
SHA1 hash: 450260e81dcecaf3ec35c3c54bd338b3c896b773
MD5 hash: 033fc948bb85c3d1d2341d0fa695e214
humanhash: london-avocado-eight-video
File name:DAC Project lists_SCAN_0014_XML.r02
Download: download sample
Signature MassLogger
Create hunting rule
File size:809'127 bytes
First seen:2020-06-14 10:35:06 UTC
Last seen:Never
File type: r02
MIME type:application/gzip
ssdeep 12288:H+b07n1q91m/jEuKdifovLSY+O089KxJ2sbaNZ75EXOrs8zm:H+gL1q9UKdnvLSY+78KJ2zNZVEXQ7zm
TLSH EF0533B692D94067CC7B6EC2715B84168C7A87B47FE36FC8C473816308C64BA497C6B6
Reporter abuse_ch
Tags:MassLogger r02


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: av-displey.com
Sending IP: 37.49.224.119
From: info@av-displey.com
Subject: RE: DAC inquiry
Attachment: DAC Project lists_SCAN_0014_XML.r02 (contains "DAC Project lists_SCAN_0014_XML.exe")

MassLogger SMTP exfil server:
mail.devor.com.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.InjectNET.14.13683.13939.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Crysan
Create hunting rule
Status:
Malicious
First seen:
2020-06-14 10:37:03 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dredbhrcmyhmy2tkzwoeq4lgafjjmzxpw6jtq2quunjedwuogmwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r02 1c48309e22660ecc6a6acd9c48716601529666efb793386a14a35241da8e332d

(this sample)

MassLogger

Executable exe 717fdcaaace17b4451b75ac983e61fe058cc461c2f843a71339f1af8e33ddcd3

  
Dropping
MD5 bea8e255510222abd447e26f92a9d723
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 717fdcaaace17b4451b75ac983e61fe058cc461c2f843a71339f1af8e33ddcd3

Comments