MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97f6000cab6b073f0b9ab2dba08305ffa57712cf212cb3f94076acc2fae3c448. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97f6000cab6b073f0b9ab2dba08305ffa57712cf212cb3f94076acc2fae3c448
SHA3-384 hash: 76b1bb1b97936118731db87e9ab5fd77abdd7c3e63d646c45dce8ad4645b60cebe732d4f588f914f6f3de7d3eaae4142
SHA1 hash: 4a19196e5a415b71c9f58d4d24992a534f2ad541
MD5 hash: 8ca1191f931f8c51160db50741face56
humanhash: muppet-carolina-fix-sodium
File name:PRODUCT SPECIFICATION.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:789'394 bytes
First seen:2020-06-15 12:44:07 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:AoPbl+/s31VEpoyjLXP88psgDBanNe/uRrQXDnWvRoIdvwyeQf:r+/eOpoyXRDBcHRsTnWvRoqbZf
TLSH C5F4333EB318B726AFBE840C05FE50BA8FF5A71887F7563446C475309991861EC90AF6
Reporter abuse_ch
Tags:MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: smtpironprot-3-122.vip.sina.com
Sending IP: 202.108.3.135
From: VERN <qinfang899@vip.sina.com>
Reply-To: qinfang899@vip.sina.com
Subject: PRODUCT SPECIFICATION
Attachment: PRODUCT SPECIFICATION.rar (contains "ZmDuodFsvNKHOFU.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:46:04 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s73aadflnmdt6c42wln2bayf76sxoewpeewlh6kao2wmf6xdyrea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 97f6000cab6b073f0b9ab2dba08305ffa57712cf212cb3f94076acc2fae3c448

(this sample)

MassLogger

Executable exe 517f3d09030f81666c8a07fc1e8817de66f46c6f821040a96e5d54427fd69756

  
Dropping
MD5 08571d6f9746995f70f4070326535aa8
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 517f3d09030f81666c8a07fc1e8817de66f46c6f821040a96e5d54427fd69756

Comments