MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ee17266201356e5ce8814e47808256ba1b5fc735f0b813241cf2ad49a1bf229. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 4ee17266201356e5ce8814e47808256ba1b5fc735f0b813241cf2ad49a1bf229
SHA3-384 hash: 5359dc9b99ba1a49928e5459835f55b5137b75433499583f3853d8333e489a85722ed9d8f636103888ac54f4fc472ec4
SHA1 hash: a41aa1ad2c1bf2819cee1d7808d78d89baa36362
MD5 hash: 8469e56c418e3f3472ef931ba0b988bb
humanhash: eight-mexico-london-colorado
File name: Drafts.IMG
Signature: MassLogger
File size: 1'703'936 bytes
First seen: 2020-06-04 07:08:44 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:t+V+N8O9+idQargpaZDuN71q0TcfQE2YzL0V1fb0a2FnQZh:IYN9rWsgMZDuN1qucfQBo0nfIa62
TLSH: F475BE9C721071EFC85BD472DEA81D68FA6038BB971B4213A42715ADEE4C997CF244F2
Reporter: abuse_ch
Tags: img, MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: mail.globaldispomedika.com
Sending IP: 203.77.234.26
From: 大和塚 <gudang@globaldispomedika.com>
Subject: Loading/ Shipping Advice - Draft Docs,
Attachment: Drafts.IMG (contains "PO# 2001834904 - NEW ORDER.exe")

MassLogger C2:
http://rowlinson-knitwears.com/themes/classic/assets/pn/upload.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-04 18:52:00 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img 4ee17266201356e5ce8814e47808256ba1b5fc735f0b813241cf2ad49a1bf229 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
