MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65afafafe255d6bfddf59aae812ba9d1e750517ea949f76e64195fa30ab69eee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 65afafafe255d6bfddf59aae812ba9d1e750517ea949f76e64195fa30ab69eee
SHA3-384 hash: 29c44ddbfbd3ed7ba2641fe1a6d3b9fdbfd021196d443c429e40345a7d236666b0bf0623cd97530b86ab6b5d2ecdbc33
SHA1 hash: 5551219d7ee688d0acf8f192c21e5cdd9fbd0f66
MD5 hash: 335bf3383f2451de4ed1d807e2ab5364
humanhash: berlin-solar-triple-fourteen
File name:Final P.O 21104538.pdf.img
Download: download sample
Signature MassLogger
Create hunting rule
File size:818'871 bytes
First seen:2020-05-28 13:55:48 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:2UVLlz5jJqpCs0FGJNx8VPesIgd0Be3mUwXp7y2GZTvPNRb3jpO9uehMCPlAosc6:2wgCs04NC9/d0YvmW3nx+MdKO6lk
TLSH 5805237245FF2B6E69A1DF9A3AE1DF91B0409AC84C6773601481FE05C18F692274C9DF
Reporter abuse_ch
Tags:img MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: mail.909.com.tw
Sending IP: 218.32.210.122
From: morris@win-textile.com
Subject: Final P.O #21104538
Attachment: Final P.O 21104538.pdf.img (contains "Final P.O #21104538.pdf.exe")

MassLogger SMTP exfil server:
smtp.lifechangingresult.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.fc.4709.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Crysan
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 14:36:07 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
21 of 47 (44.68%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 65afafafe255d6bfddf59aae812ba9d1e750517ea949f76e64195fa30ab69eee

(this sample)

MassLogger

Executable exe 4d47d2e29b7056f1d96947436ffc1eb030102f1b4b949d7708d33e77a321a831

  
Dropping
MD5 1c02618a51b79377080170a4caa4f254
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4d47d2e29b7056f1d96947436ffc1eb030102f1b4b949d7708d33e77a321a831

Comments