MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 398cf1e2f47793893c4cd35ca89e542de3faac5dcbb7aa3b70957eed6c655d92. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 398cf1e2f47793893c4cd35ca89e542de3faac5dcbb7aa3b70957eed6c655d92
SHA3-384 hash: d62203adff794ab82c933027e0fd0aba81f7aa4bab8e73fb1fbeedd59aa72ee32712d91901d70a679d245e374619f1bb
SHA1 hash: 273cb2660812ab2f5ac916843b714e628980afe0
MD5 hash: 8dd56d7bb8cb0c03af057b8966344140
humanhash: enemy-pizza-angel-pizza
File name: Order.zip
Signature: MassLogger
File size: 816'123 bytes
First seen: 2020-08-19 09:29:06 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:HKpLqGadifhqzDUoFNR7xkqXf4wYToK7F+9X:qpcdYMzwoJCqP4WKpM
TLSH: 900533DF5D8954F2A131E482D4E369BE5E9D78218ECA1F8FAF5089C94F11781CE29E0C
Reporter: abuse_ch
Tags: MassLogger zip


abuse_ch
Malspam distributing MassLogger:

HELO: barajevo.org.rs
Sending IP: 37.49.224.97
From: "Trent Churchland" <marija.lazovic@barajevo.org.rs>
Subject: Urgent order please
Attachment: Order.zip (contains "Order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-18 13:14:15 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 398cf1e2f47793893c4cd35ca89e542de3faac5dcbb7aa3b70957eed6c655d92 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
