MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 916b375e6d5c4d0c9248c9df0f041701cf9cf465bd164873266413a210dfb2dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 916b375e6d5c4d0c9248c9df0f041701cf9cf465bd164873266413a210dfb2dc
SHA3-384 hash: af873d8b190f361e1a74d6fa586c94b0b952676c6f80d305c36556119f783f5e22aff28e16ff50b0f566342fc86b8fec
SHA1 hash: 7cfb6d16ea25239eac56db91edf2e9cb3af76ceb
MD5 hash: d91e31b76235c6f0cd2b2f0d2352b5c6
humanhash: twenty-speaker-gee-gee
File name: SKBMT_ New Documents3_PDF.img
Signature: MassLogger
File size: 1'441'792 bytes
First seen: 2020-06-02 07:15:29 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:YTR0RLBsnb4SfW75zjfcM4TXkrQq+v+E7WGsC:oReBr75nQDq+p7xs
TLSH: 8F65120733AC9B50DABE5BF920A1505113FAF21B1091E39D6EDCE1DD6F26BC10A14B6B
Reporter: abuse_ch
Tags: DHL img MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: server.lazul.com
Sending IP: 82.194.91.57
From: DHL Customer Support <noreply@dhl.com>
Subject: Re: DHL Notification / DHL_AWB_01179303/ ETD
Attachment: SKBMT_ New Documents3_PDF.img (contains "SKBMT_ New Documents2_PDF.exe")

MassLogger SMTP exfil server:
mail.kogep-k.hu:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-02 07:36:54 UTC
File Type: Binary (Archive)
Extracted files: 10
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img 916b375e6d5c4d0c9248c9df0f041701cf9cf465bd164873266413a210dfb2dc (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
