MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b8efab393a3d3d50718a0891666376a46cea194304517537384feb905dde47e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6b8efab393a3d3d50718a0891666376a46cea194304517537384feb905dde47e
SHA3-384 hash: 908fb63c40561746232351f9371c39cc15329a34431b658089bbb3a72e0f8e621c8b35bdb33df84a83f1a0aa17d43ef9
SHA1 hash: 87f34635c6be06c27e736ff8dee2de284094b7f9
MD5 hash: 0fe883777430c5f49812d4a203772362
humanhash: nevada-bulldog-mirror-west
File name:your dhl paper-work attachment.img
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'900'544 bytes
First seen:2020-07-07 10:02:54 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:KFpRnQmqP1o9AwUmiGi2ABxt54SWKkp38yo6JPcKvNoB5LGMJu:cpRnQfMDSGi2Y4dKq38iPcaE5
TLSH 7A950A3976868495CD7B4636CC2E9DC0B7B566CA3742CB6F30CA43681E0279FBB47096
Reporter abuse_ch
Tags:DHL img MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: box.poexpress.org
Sending IP: 165.227.56.84
From: DHL Express <me@poexpress.org>
Subject: New package just arrived
Attachment: your dhl paper-work attachment.img (contains "your dhl paper-work attachment.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.ENSB.3529.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6b8efab393a3d3d50718a0891666376a46cea194304517537384feb905dde47e/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 10:04:10 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nohpvm4tupj5kbyyucermzrxnjdm5imugbcrou3tqt7lsbo54r7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img 6b8efab393a3d3d50718a0891666376a46cea194304517537384feb905dde47e

(this sample)

MassLogger

Executable exe 8b1dca219122f7fb445edb2665d3bb2dac8983e61c380e15fc8e76087503ef84

  
Dropping
MD5 dd53cd8d7e526a0f6cd3f8b9dbf4dcad
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8b1dca219122f7fb445edb2665d3bb2dac8983e61c380e15fc8e76087503ef84

Comments