MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 495fdf3a95e1f56f9ec94bfdcdafe87a41be371947f24853c18cc98b24a6a281. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 495fdf3a95e1f56f9ec94bfdcdafe87a41be371947f24853c18cc98b24a6a281
SHA3-384 hash: 2f42d6693ca214151578c5f98a5df07701ca9047e0ad21cb2be1b5a9f19eea429dbd2c99690efa0b7f1964aa4d1f5940
SHA1 hash: bba2fcd204840b1235dea163bbfeae3a59e3b763
MD5 hash: f6e60d4e007049b18de4fb87c38927c3
humanhash: butter-bakerloo-magazine-pennsylvania
File name: Request for new order.exe
Signature: MassLogger
File size: 896'000 bytes
First seen: 2020-06-30 09:01:49 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 24576:RsieGrWY44/X5ohn87vGFZ7J9lgX4pntw7:R9kY44/O1BFVJ9Fptw7
TLSH: D1151270B259C9DAE8B5E3B1986ACC211FA2A55FA031D30D28D2779D99B37020173F5B
Reporter: @abuse_ch
Tags: exe MassLogger


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: server.linux61.papaki.gr
Sending IP: 138.201.206.39
From: info@toroslar.com.tr
Subject: Re: Yeni sipariş talebi
Attachment: Request for new order.zip (contains "Request for new order.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 28
Origin country: FR
CAPE Sandbox: Detection: n/a
Link: https://www.capesandbox.com/analysis/17062/
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB: Detection: n/a
Link: https://mwdb.cert.pl/sample/495fdf3a95e1f56f9ec94bfdcdafe87a41be371947f24853c18cc98b24a6a281/
ReversingLabs: Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Androm
First seen: 2020-06-30 09:03:10 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage: Score: 10/10
Malware Family: masslogger
Link: https://tria.ge/reports/200630-zz6wvgsten/
Tags: ransomware spyware stealer family:masslogger
VirusTotal: Virustotal results 10.96%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe 495fdf3a95e1f56f9ec94bfdcdafe87a41be371947f24853c18cc98b24a6a281

(this sample)

  
Delivery method: Distributed via e-mail attachment
