MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41260597c88b8b0c957b5bd8258edee3eaf92c27289d014e711ad69fd8561172. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 41260597c88b8b0c957b5bd8258edee3eaf92c27289d014e711ad69fd8561172
SHA3-384 hash: e015a91db6514440863c8b8fb9b2978bac50465c590181201e529cbcd3997b92572d5bedbe162e6893203c464c3c37d5
SHA1 hash: ce4fb2c068af9e6953d73b7e285c6f268db336ba
MD5 hash: 358724b3f06c0e40e8b211c9fa161e68
humanhash: delaware-xray-twelve-south
File name: Alb. 8120173035 Ref Cliente No115.R01
Signature: MassLogger
File size: 16'323 bytes
First seen: 2020-08-17 18:39:48 UTC
Last seen: Never
File type: r01
MIME type: application/x-rar
ssdeep: 384:q9eQBtPBUfnRJb8ez4nG8+9BYZoN8KGuTGm2pLXwz9Zo2aKvzjepPi:q3BqRJ8GP9BYG8KDTwlXmCGHr
TLSH: BB72E12B773E52428A55075DA442F4C2D0201E42C1669ECBCFF77FE908869F26F84FA2
Reporter: abuse_ch
Tags: MassLogger, r01


abuse_ch
Malspam distributing unidentified malware:

From: comercial.mad@ertransit.com
Subject: Fwd: Justificante pago 17-08-2020 08:50:43
Attachment: Alb. 8120173035 Ref Cliente No115.R01 (contains "Justificante pago 17-08-2020 Alb. 8120173035 Ref Cliente No115 - doc04361120200812113759-SKBMT-17-08-2020-img00125.exe")

Unknown payload URL:
http://reklamebeograd.rs/X19.jpg

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a

Vendor Threat Intelligence
Threat name: Script-PowerShell.Downloader.Powedon
Status: Malicious
First seen: 2020-08-17 14:21:27 UTC
AV detection: 13 of 29 (44.83%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r01 41260597c88b8b0c957b5bd8258edee3eaf92c27289d014e711ad69fd8561172

(this sample)

  
Delivery method: Distributed via e-mail attachment
