MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33581dc85054ce94427c974e3fc3131655ed0dc297949126e8ecbef1a90ce5ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33581dc85054ce94427c974e3fc3131655ed0dc297949126e8ecbef1a90ce5ba
SHA3-384 hash: 42c95a19940c54b674119afb6887bd7c2e7a258f923a7440079ea8f04c2abc59a9468c80b859c1cd6fee924ca3771c76
SHA1 hash: 10339a22eb952e956451aea7f453f54d03d66beb
MD5 hash: e9d88bb417c91d2d75bcbf4c24d9f1d0
humanhash: timing-california-seventeen-pluto
File name:Airline invoice details.xz
Download: download sample
Signature MassLogger
Create hunting rule
File size:877'691 bytes
First seen:2020-08-08 08:20:05 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:CyjeBYXJt6wzSgzZgnIXoExndN964ztapkqmUGxBb:CY6sJAwnNTYERdfHpt
TLSH DF15339E306BC5928485F1024B641F49D663307ED2D69B43F0E2B6986E364B42BEC6FD
Reporter abuse_ch
Tags:DHL MassLogger xz


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: m.hostcho.com
Sending IP: 138.201.145.72
From: Anastacia Petrov <rimantas@brigantina.lt>
Subject: DHL Customer Information Form
Attachment: Airline invoice details.xz (contains "Airline invoice details.bat")

MassLogger SMTP exfil server:
mail.sbrenind.com:26

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.405.11281.12311.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/33581dc85054ce94427c974e3fc3131655ed0dc297949126e8ecbef1a90ce5ba/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-08 08:21:07 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gnmb3scqkthjiqt4s5hd7qytczk62docs6kjcjxi5s7pdkim4w5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/33581dc85054ce94427c974e3fc3131655ed0dc297949126e8ecbef1a90ce5ba

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 33581dc85054ce94427c974e3fc3131655ed0dc297949126e8ecbef1a90ce5ba

(this sample)

MassLogger

Executable exe a990373e6225384bd1bab3441dc0cb881f1e03f51f83f7923ca6c9ff228bee5c

  
Dropping
MD5 b0a231c33688a2628600a3f01a43176b
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a990373e6225384bd1bab3441dc0cb881f1e03f51f83f7923ca6c9ff228bee5c

Comments