MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2cead311292d2dde7458343ba807fdf25e3e13b3f780245eddcd48ada3f49a5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2cead311292d2dde7458343ba807fdf25e3e13b3f780245eddcd48ada3f49a5b
SHA3-384 hash: b6b780fdd29f54f0aebf03deb1884535dd287a2b6cb2652a7ea4540e8379372f67159e84b841fda152e0ef07f30089fa
SHA1 hash: 3d8e93cba44c21efa5be86553f87a4d7456183cb
MD5 hash: ebfd499a5bd49b80535e65946f0d3f10
humanhash: whiskey-march-sodium-india
File name:CATALOGUE RMK TRADING LTD_PDF1.iso
Download: download sample
Signature MassLogger
Create hunting rule
File size:897'024 bytes
First seen:2020-07-02 07:50:47 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:j0wIxmgQzuTfFvyu8etQXpv8E2a8uU0huZ508VdZHdPclgGP90AqmefZlGM6mn:401YhbsZ7+xVdZiumex
TLSH 2D15121027FC6128EEB62B74D9B2122093337A99653AE72D2A8D705F0FB7F4156117B3
Reporter abuse_ch
Tags:iso MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: vm6534.seewebcloud.it
Sending IP: 213.171.165.67
From: RMK Trading LTD <c.eomirou@rmk.es>
Subject: RFQ
Attachment: CATALOGUE RMK TRADING LTD_PDF1.iso (contains "CATALOGUE RMK TRADING LTD_PDF.exe")

MassLogger SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WQV.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2cead311292d2dde7458343ba807fdf25e3e13b3f780245eddcd48ada3f49a5b/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 07:52:07 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ftvngejjfuw545cygq52qb756jpd4e5t66acixw5zvek3i7utjnq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

iso 2cead311292d2dde7458343ba807fdf25e3e13b3f780245eddcd48ada3f49a5b

(this sample)

MassLogger

Executable exe d087cb4fc608dfa1fa78c91ce168189bbc3e9c7bfbf7a7e60a050858be3770e0

  
Dropping
MD5 4df5a47d4884557fb5bf44c65a4562e6
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d087cb4fc608dfa1fa78c91ce168189bbc3e9c7bfbf7a7e60a050858be3770e0

Comments