MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94346921a393491186c134bd6a55b98c98b95d69e6d0066bbb4385899ff7599c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94346921a393491186c134bd6a55b98c98b95d69e6d0066bbb4385899ff7599c
SHA3-384 hash: 094e775dbcdb83a0e68eaf10d1076a08d1cb678e2b548f30ac2738883b24a6afe505c04c24d108bf404161440e402093
SHA1 hash: 155816a85d5fbfbf6a4bd9ef8e87bbc6ecae37de
MD5 hash: 52d01391c8b20c5511d6148cb78dce9a
humanhash: magnesium-shade-foxtrot-happy
File name:DHL Overdue Account Notice - 1301288547.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:846'566 bytes
First seen:2020-06-10 08:55:01 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:5Et1csCDHlSqIANCvT+XCcYMrcnh3QrtwTIanN/WGr0Jp1:5EgsiSXKGTljMrMuwE0N/WGW
TLSH 010523E78AEECF341ACB467D9461A709A3562AF18E4CE15F67720420F89851F48D1B3B
Reporter abuse_ch
Tags:DHL MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: dhl.com
Sending IP: 37.49.230.191
From: DHL International <MNL.Query@dhl.com>
Reply-To: Email ADMIN <noreply@domain-admin.com>
Subject: DHL Overdue Account Notice - 1301288547
Attachment: DHL Overdue Account Notice - 1301288547.rar (contains "k1f0Acf29eG3FzJ.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 08:56:06 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sq2gsindsnerdbwbgs6wuvnzrsmlsxlj43iam253iocyth7xlgoa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 94346921a393491186c134bd6a55b98c98b95d69e6d0066bbb4385899ff7599c

(this sample)

MassLogger

Executable exe 5caa7e9eb486ca9161d410e9fe1dc4074c3b0c66f8d6cd05ab5ae6dd35837c5a

  
Dropping
MD5 4638aa710733a365c1265303da13c0b3
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5caa7e9eb486ca9161d410e9fe1dc4074c3b0c66f8d6cd05ab5ae6dd35837c5a

Comments