MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e4fa34445f2439fe41ba7df0502aad79728646a2138b264e5945c9c980794ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 6e4fa34445f2439fe41ba7df0502aad79728646a2138b264e5945c9c980794ce
SHA3-384 hash: 4f113f783833f5eb87edb8f0f52eea8cbf7fd1fd06f2ccd1470a5d7ef19e1095d25dc065f1130e6f5810a34a44241342
SHA1 hash: 40aae52d6f135869877aba34cd33229335229986
MD5 hash: bcd8b981f9806750d706051e3b32342a
humanhash: pasta-yellow-low-lactose
File name: PO 2001840394 - NEW ORDER.IMG
Signature: MassLogger
File size: 1'900'544 bytes
First seen: 2020-06-12 06:40:13 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:AaUf6VEt6kJTU+XpkX/+sVjYVLQJvNA5jU8qgPUi5e+PaOvcgG4:mf6NkJTVpkbVjaEjWqgPUi5xPa
TLSH: 57956B2B74C25814C2284736C06A9AC097F667863693CB1EF6EF535B0F02B9FBB554C9
Reporter: abuse_ch
Tags: img, MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: 163.com
Sending IP: 104.168.190.194
From: Fazil| Marketing Executive <ncwong@163.com>
Subject: redacted@threatwave.com Almost Full victim-domain Kindly Update
Attachment: PO 2001840394 - NEW ORDER.IMG (contains "PO# 2001840394 - NEW ORDER.exe")

MassLogger C2:
http://talleresaramia.com/themes/default-bootstrap/img/icon/obc/upload.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-12 06:42:07 UTC
AV detection: 16 of 30 (53.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img 6e4fa34445f2439fe41ba7df0502aad79728646a2138b264e5945c9c980794ce (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment

Comments