MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5de09c56f9c38607fe9f0de7608672b30ae3c626fbb894f1c54ff12847247042. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5de09c56f9c38607fe9f0de7608672b30ae3c626fbb894f1c54ff12847247042
SHA3-384 hash: e99d2035d1781070babdddaf7c72a246909b7918dfd206cd198eec88f9d4ca2291b7bc50294bf0448a74e4b70701d029
SHA1 hash: 84524ab24fdcbf424473a5a0def9f94265a05d4d
MD5 hash: 1f7b662bb28f1c3b5c19309669878d18
humanhash: social-paris-dakota-alanine
File name:M02006088349.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:782'398 bytes
First seen:2020-06-24 05:48:17 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:OhYMi2i0w2eFsZXrwn9kvxSBy0QJilb27MJYqF2dtbClT33dKIFEGECBOqHPueIP:P10w2HZrO9yl1ily7MeYEtbCRdKIFpED
TLSH 01F423EB2CE37AD098A65BC758D47311CB429769C365E2E59382CF2F0D873A3644D239
Reporter abuse_ch
Tags:MassLogger zip


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: 1076.vps.hostfactory.ch
Sending IP: 185.66.108.99
From: Girish Joshi <dy.cfo@fujairahport.ae>
Subject: Purchase Order 806247
Attachment: M02006088349.zip (contains "M02006088349.exe")

MassLogger SMTP exfil server:
mail.cyberclone.biz:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5de09c56f9c38607fe9f0de7608672b30ae3c626fbb894f1c54ff12847247042/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 05:50:05 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lxqjyvxzyodap7u7bxtwbbtswmfohrrg7o4jj4ofj7ysqrzeobba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 5de09c56f9c38607fe9f0de7608672b30ae3c626fbb894f1c54ff12847247042

(this sample)

MassLogger

Executable exe 6e9f7bde41c353c8f2f492dd4e41454a45a8d8d222f2593d7174dca50e410f44

  
Dropping
MD5 1c47a90df5889a4705a226e1081fcbb9
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6e9f7bde41c353c8f2f492dd4e41454a45a8d8d222f2593d7174dca50e410f44

Comments