MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28bfa8f1ac36fa3dc61611df691f96cf94dbe5904c4b8c13d025252864ae8377. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 28bfa8f1ac36fa3dc61611df691f96cf94dbe5904c4b8c13d025252864ae8377
SHA3-384 hash: 311a896cd2853aaf556a6fce9f03c6c24ea1e93820dce1c68708baeab1b295215217d59d0d73ff7b6745afae5558581e
SHA1 hash: 0ab34a46ce2472f0b32479d8c67d4a38b18f78f0
MD5 hash: b2ff6d0d9e3e57126b60b8551f8b597f
humanhash: moon-delaware-ohio-single
File name:PURCHASE.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:801'071 bytes
First seen:2020-06-15 12:27:44 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:BxTNyZ45qCqTN5K3FSzIE967hslBX6gI/o9:yyDunKwkw0heXL9
TLSH 0E05330D8F5C05A975DE8BF302B05E96316B30A6C297628EF1DAC51B3EAC947371F096
Reporter abuse_ch
Tags:MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: smarthost1.gohsphere.com
Sending IP: 199.127.218.11
From: Michelle Bryan <Michelle@texgroupbd.net>
Subject: ORDER TERMS OF PAYMENT
Attachment: PURCHASE.rar (contains "PURCHASE")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:29:05 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fc72r4nmg35d3rqwchpwsh4wz6knxzmqjrfyye6qeussqzfoqn3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 28bfa8f1ac36fa3dc61611df691f96cf94dbe5904c4b8c13d025252864ae8377

(this sample)

MassLogger

Executable exe ddb56cadf564aac028ed312fb7ddb378d1951c2c8ed1a12e43f7e92d29843a08

  
Dropping
MD5 1f22104b665319b768e3edf8227ad567
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ddb56cadf564aac028ed312fb7ddb378d1951c2c8ed1a12e43f7e92d29843a08

Comments