MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 250200948fc4982c3a4250f63083829ed454b8a613a4209dbc09b6e73ed0e166. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 250200948fc4982c3a4250f63083829ed454b8a613a4209dbc09b6e73ed0e166
SHA3-384 hash: db67b746dffbf0146be8a35632dc2bf7d352356beaaca7974a34ef690bbb68d9a7c4da5adf6076185428bdbf6037c077
SHA1 hash: b733c1f4cd84010d16159319f5c0599b20dfcbf3
MD5 hash: 5273ec0d6fe23f1709147410f0720c80
humanhash: four-kilo-mountain-mississippi
File name: PO_Aug_Wahabcapitals_Original_ copy.R11
Signature: MassLogger
File size: 925'332 bytes
First seen: 2020-08-13 07:52:18 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:Ykyp9dz1CrV1edIlS5OAWSr/FPJXNm+pO0w0IF1D8l+mjtn+4RmsXK8/ecGTd0HQ:YiWIljAr9ud0Ex2nbRmsXJ/xGKz0Dsi
TLSH: 3B1533FC67162A9385FD89F8C10D3C9D9981A07324D8E1C14AE63759363336E278E7B6
Reporter: abuse_ch
Tags: MassLogger, r11


abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.wahabcapitals.com
Sending IP: 192.236.208.211
From: Abu Ali <sales@wahabcapitals.com>
Reply-To: Abu Ali <sales@wahabcapitals.com>
Subject: Inqury: PO_Aug_Wahabcapitals
Attachment: PO_Aug_Wahabcapitals_Original_ copy.R11 (contains "PO_Aug_Wahabcapitals_approved_copy_Original_122020.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Agensla
Status: Suspicious
First seen: 2020-08-13 07:54:07 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 250200948fc4982c3a4250f63083829ed454b8a613a4209dbc09b6e73ed0e166

(this sample)

Delivery method: Distributed via e-mail attachment
