MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f1384b82b65febe08b4589e556b8637ab71453fcec2329294f8fe7354ee48a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f1384b82b65febe08b4589e556b8637ab71453fcec2329294f8fe7354ee48a4
SHA3-384 hash: c275262c79267a912f85a5eb6c2250b0f1cc9f3c519ec62bc02297b4b5cd4199e2b32b16553c2c1fdc2910517d165255
SHA1 hash: 4295307dfc3746050bda4ee59e183ad79c9ea86a
MD5 hash: b374804fea63176ab0f67af516db9a4c
humanhash: jupiter-william-aspen-quiet
File name:Outstanding PO - 14-Jun-2020.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:812'445 bytes
First seen:2020-06-15 05:42:31 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:tWR3Eda+skM9gaL2JlRYA2bgwceWzia9/9dic0Kopb:8UdatkAgaqJlRY33cZiat9dCTb
TLSH 3E05235F7E139BF35C026396496C078A83260BB41942A13FCFA5AB73A95394FD7843C9
Reporter abuse_ch
Tags:MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: feromilano.com
Sending IP: 37.49.230.119
From: Sergio Cortesi <sergio.cortesi@feromilano.com>
Reply-To: ysondoqah.jo@gmail.com
Subject: Expedite Outstanding PO - 14-Jun-2020
Attachment: Outstanding PO - 14-Jun-2020.rar (contains "Outstanding PO - 14-Jun-2020.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 05:44:06 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j4jyjoblmx7l4cfulcpfk24gg6vxcrj7z3bdfeuu7d7hgvhojcsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 4f1384b82b65febe08b4589e556b8637ab71453fcec2329294f8fe7354ee48a4

(this sample)

MassLogger

Executable exe 8caf81f11bf9898ce2e1e91ed450197ae089f1088c666a2d665ae589ceb12a7e

  
Dropping
MD5 7d1562810fa826af4ddcf7048be36b11
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8caf81f11bf9898ce2e1e91ed450197ae089f1088c666a2d665ae589ceb12a7e

Comments