MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90b541c5d2b2738109fe53bef96ac20d79f45997467fa7417c74bef812850b8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 90b541c5d2b2738109fe53bef96ac20d79f45997467fa7417c74bef812850b8c
SHA3-384 hash: 3c9e5e60713e3de218029ac2422abfd9059770cadc322fb889a75d429323212b0bda03be6e33f9899af3d006faf17eba
SHA1 hash: 3512df1624733f01b383d06a8c723ecd47fe2e1e
MD5 hash: 42ea996963b40fa149c967edb3def794
humanhash: diet-fish-nineteen-hot
File name: Veitstar Inquiry.CAB
Signature: MassLogger
File size: 1'502'681 bytes
First seen: 2020-06-11 13:52:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:VeK2aDs6IDMCVylnPEKTHfPS+zTiVOIGmpP87Ld78gLsrJMmVmezdNp84PSxEfCe:9A6UM6usKbPHzuVODmpP8HBxLHmjfp8g
TLSH: 51653340718FAC4857A89BFB55A4BECA6E561C0AC7FE57BDFE35E30143599E84C22308
Reporter: abuse_ch
Tags: cab, MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: slot0.rebelliongate.xyz
Sending IP: 45.95.169.223
From: info@vietstar.com.vn
Subject: Inquiry from Veitstar Veitnam
Attachment: Veitstar Inquiry.CAB (contains "Veitstar Inquiry.exe")

MassLogger SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Crysan
Status: Suspicious
First seen: 2020-06-11 13:54:37 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 90b541c5d2b2738109fe53bef96ac20d79f45997467fa7417c74bef812850b8c

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
