MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e635b2d130fa7aa559ffea07c18018efe0b1539681707ddfc7557ea1c387026. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 6e635b2d130fa7aa559ffea07c18018efe0b1539681707ddfc7557ea1c387026
SHA3-384 hash: 0c3357f663cd1fa003c6e14223a6ddb92c8929c1381dcfdf5486b8b29cfdc5d97492fb4d34b521a6e126d3fae35f5077
SHA1 hash: a3db6554f74eb354c7426267948bd1acf1ea74dc
MD5 hash: 7717a88eabc7e38734f8061d359d5358
humanhash: jig-magazine-london-fish
File name: PO_6292020_IMG.rar
Signature: MassLogger
File size: 813'702 bytes
First seen: 2020-06-29 12:23:54 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:CPjUv8vS5D+HJ9tJCAkCI3hy4UXV478nEiPNy4:CPjUkvS5DefJCLCIRy4IS8nE+/
TLSH: EB05235A233D7E31BEBC1D4E7EBFA011A506721BEC3A89EA7A0EA4C4447441ED524C5F
Reporter: abuse_ch
Tags: MassLogger rar


abuse_ch
Malspam distributing MassLogger:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.75
From: LUDUX GENERAL TRADING INC <office@biotast.com>
Subject: New Order
Attachment: PO_6292020_IMG.rar (contains "PO_6292020_IMG.exe")

MassLogger SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-29 12:25:05 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 6e635b2d130fa7aa559ffea07c18018efe0b1539681707ddfc7557ea1c387026 (this sample)
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
