MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ba5ce16bf73c85f50e74a68e57cfde7def940e9df130789deb9034de05e9d68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6ba5ce16bf73c85f50e74a68e57cfde7def940e9df130789deb9034de05e9d68
SHA3-384 hash: 962f4562ebc61084ecbf91baaad44561db4be7528fd0fa9390ed5a46728ec2d14f4c458b3bfb818d3308cd2ca16e393b
SHA1 hash: a1b473dcf1e484335363e97a909a7f4019a775ac
MD5 hash: d69dba4c6a5f515a07ac21eb1a788801
humanhash: fourteen-black-social-illinois
File name:RK- PO No- IPO-2020101.img
Download: download sample
Signature MassLogger
Create hunting rule
File size:2'555'904 bytes
First seen:2020-06-10 11:02:44 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 49152:+iv/+AI34ZInC2ro3a1v/+R9rO66ey3J0xUcJ:++/FmCInF31/O97y3J0B
TLSH 2EC5F188369476AFC41BCCB6C9E41C609BA0B4679327D243A44715ED9E0EBDBCF146E3
Reporter abuse_ch
Tags:img MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: smtp-7.skok.cz
Sending IP: 77.78.76.134
From: ESMA - Purchase (Orders) <import.orders@esmagroup.com>
Subject: Request for quotation: 200326 RK- PO No- IPO-2020101Dated-08/06/2020
Attachment: RK- PO No- IPO-2020101.img (contains "RK- PO No- IPO-202010.exe")

MassLogger SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WGM.2539.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 09:10:41 UTC
AV detection:
11 of 29 (37.93%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nos44fv7opef6uhhjjuok7h547ppsqhj34jqpco6xebu3yc6tvua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img 6ba5ce16bf73c85f50e74a68e57cfde7def940e9df130789deb9034de05e9d68

(this sample)

MassLogger

Executable exe 6a47bf03b1ffebac3ef5497af7d67aa562f3c401c3694d8551f7092f7f469313

  
Dropping
MD5 872bbe47103f3490f22339d135c1a0a4
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6a47bf03b1ffebac3ef5497af7d67aa562f3c401c3694d8551f7092f7f469313

Comments