MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 977d21cb71920a203ee36581aaea68fb5353d5d3dc717a509ac11d4477233e95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 977d21cb71920a203ee36581aaea68fb5353d5d3dc717a509ac11d4477233e95
SHA3-384 hash: ecedccc1d9069837db944f02d1890af439bc336b82327f3f44430c843cccecc55735f40275df52b2e51be4ceb2a82324
SHA1 hash: f17eb6e766c15c295e61ae5725c96ca8075a69ea
MD5 hash: 28bbe3759716d0651965f71ef28b2b40
humanhash: sixteen-vegan-maine-yellow
File name: PO032152033.rar
Signature: MassLogger
File size: 818'037 bytes
First seen: 2020-06-15 13:49:18 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:ml/WVBeePRspG8pgoUq3TEfwTq8319wrK0aQl:mxUPRs4lrfwTq83YO0V
TLSH: B905234E3F9AB7917962AD0169E04E2F6167C8059533D2E8EE30A8C871057F19EFFC58
Reporter: abuse_ch
Tags: MassLogger rar


abuse_ch
Malspam distributing MassLogger:

HELO: swc.com
Sending IP: 37.49.224.210
From: Vishel Meshra <vishel.m@swc.com>
Subject: RFQ-PR/20/92
Attachment: PO032152033.rar (contains "DWpf7qNBLPPq8hR.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Maslog
Status: Malicious
First seen: 2020-06-15 13:51:03 UTC
AV detection: 15 of 28 (53.57%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 977d21cb71920a203ee36581aaea68fb5353d5d3dc717a509ac11d4477233e95

(this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
