MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 967829fdb0b2f1b7a86923187553ebf53066b92d543ca6d2587519a9700999da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 967829fdb0b2f1b7a86923187553ebf53066b92d543ca6d2587519a9700999da
SHA3-384 hash: 4871e3c54e2322c5c43814fef93bbeb1c65c860d696b4c1647cfa42e1a690cb639776d4fad0da0c6694c6fb4c439bf74
SHA1 hash: fe7f5e0ec4fa6f0385c8977dac3eb4460cad58aa
MD5 hash: 4ccdf3b0fbdeaaefa11e991ea19d18b4
humanhash: low-seven-thirteen-oregon
File name:file.i
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'966'080 bytes
First seen:2020-06-02 06:46:48 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:IaUDdbH6VEt6ExgzOQyStiRMrTyHrmfD4vkUcu2S1wxgRpWcbIw39/1:+1H6NxOQyIXWrm7ZnzzxgP9d
TLSH 64955A2E71C25854C5298171843A9BC0BAF26B413653CB2EF5AFA31B5F12B1F77260DE
Reporter abuse_ch
Tags:geo i KOR MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: smtp67.iad3a.emailsrvr.com
Sending IP: 173.203.187.67
From: Kim Na-hyun <kolonpr@kolon.com>
Reply-To: youngkyu_limc@kolon.com
Subject: 주의: 코오롱글로텍 대표자 변경의 건 [천안공장](계산서,거래명세표 대표자 변경 요청)
Attachment: file.i (contains "IMAGE.EXE")

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 03:29:00 UTC
File Type:
Binary (Archive)
Extracted files:
19
AV detection:
9 of 31 (29.03%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sz4ct7nqwly3pkdjemmhku7l6uygnojnkq6knusyoum2s4ajthna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

iso 967829fdb0b2f1b7a86923187553ebf53066b92d543ca6d2587519a9700999da

(this sample)

MassLogger

Executable exe 2f4324dda02f8721cf5c0c0ed404de8fedbc46cf8fb1dda0e3ec3d07d6fb42e0

  
Dropping
MD5 77fe809f6ab75c8e4ca3b09d79e7d1c5
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2f4324dda02f8721cf5c0c0ed404de8fedbc46cf8fb1dda0e3ec3d07d6fb42e0

Comments