MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39c997230b03f22639eb7825ec76cedcfd36021f1d1dea821ffb714e42e8b4ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 2



SHA256 hash: 39c997230b03f22639eb7825ec76cedcfd36021f1d1dea821ffb714e42e8b4ce
SHA3-384 hash: cd90885d04685e2293e43a57f47051e489de82173839d83f5e7f4b14c6c13451288c4cafe786978ab0a9341262fa68f0
SHA1 hash: c22d2e42c3997d7838d3fd49bfd793a615c7e6e4
MD5 hash: 6007002bf4503a463801d52ec61108d1
humanhash: neptune-april-sad-asparagus
File name: ADKA INQ.CAB
Signature: MassLogger
File size: 1'247'978 bytes
First seen: 2020-05-20 12:11:55 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:iHujAGHY5bkfVKkB6JOKMev2k5mMwkvUh8kbTsGj:Uu8ymyFIHMev2k0vkGLfsGj
TLSH: 2145333E0FE41B2B8EEEAC313C8915CB5544CEBB472D61CF851AA46670F835CD491EA9
Reporter: abuse_ch
Tags: cab, MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: eepsjc1-02.nexcess.net
Sending IP: 104.207.238.163
From: Albabtain <abc@abc.sa.com>
Reply-To: jonah@briistol.com
Subject: 1nquiry from ABC(2005032)
Attachment: ADKA INQ.CAB (contains "ADKA INQ.exe")

MassLogger SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Pwsx
Status: Malicious
First seen: 2020-05-20 12:31:38 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 8 of 48 (16.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 39c997230b03f22639eb7825ec76cedcfd36021f1d1dea821ffb714e42e8b4ce (this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
