MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36f6ddc48b8d57014c4b64a2513948d9b246db222ae00f1a7cd99ffbee52f17d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 36f6ddc48b8d57014c4b64a2513948d9b246db222ae00f1a7cd99ffbee52f17d
SHA3-384 hash: 8509e8aa031de1b49d17c615a4c503e36cf5d6bc7130c0a71378568f95014d34800c5dc97f97b16a29cdb5bb147e6517
SHA1 hash: f3dabee5a52c254e8248dfbbcd0cd7f790778da4
MD5 hash: 7f83fc66e6c72cbf608bbb70abed55cc
humanhash: michigan-east-spring-washington
File name: Catalogue RMK Trading LTD_PDF.iso
Signature: MassLogger
File size: 931'840 bytes
First seen: 2020-06-11 05:54:22 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:diplkVEX2LaTZuHNrUiMdYfLnOWTZ524raj/JClAdkLZa273k9sqxk+Xv38+TW65:dol0S2LaT497nnha7J09eBk+fx
TLSH: 721523846FE2E732E86797F8907108411777A61964B2F78C3DAD30CB572B7448621BEB
Reporter: abuse_ch
Tags: iso MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: d00ka0-vm.sphostserver.com
Sending IP: 46.30.247.114
From: RMK Trading LTD <c.eomirou@rmk.es>
Subject: INQUIRY 09102020
Attachment: Catalogue RMK Trading LTD_PDF.iso (contains "Catalogue RMK Trading LTD_PDF.exe")

MassLogger SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Agensla
Status: Malicious
First seen: 2020-06-11 05:56:08 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

iso 36f6ddc48b8d57014c4b64a2513948d9b246db222ae00f1a7cd99ffbee52f17d (this sample)
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
