MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98b94a69e5bbb73e9ed6c65f1aa949b50ecb4e3b779316fe09f6b80a7f4614e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 98b94a69e5bbb73e9ed6c65f1aa949b50ecb4e3b779316fe09f6b80a7f4614e9
SHA3-384 hash: ba38ea763a0688f282de1f59861aa561aa594f4ae4c3e2f8c97df478a2e1e5b1cb5fa07a9651f56d8e9f45762b22c7f9
SHA1 hash: 89f7ab042971b36e5711402badbc1b2cbf762d5d
MD5 hash: 70d09bbaa8cfc229ff808ea797f15dda
humanhash: stream-north-romeo-michigan
File name:ALL LIST 304853058.IMG
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'966'080 bytes
First seen:2020-06-03 08:04:40 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:GaUDdj6VEt6lBvyPDZr+9v9OGFphSx+S0BE0XolSYyGuOHHtcDSW4OTR:Qh6N/vSFr+N9OGxSxDEZolXyeHHtS
TLSH 4C956B3279D28815C928027644699AC4BAF67B443653C72EF1AF535B9F03B2FBB121CD
Reporter abuse_ch
Tags:img MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: mail.globaldispomedika.com
Sending IP: 203.77.234.26
From: 大和塚 <gudang@globaldispomedika.com>
Subject: RE: Loading/ Shipping Advice - Draft Docs,
Attachment: ALL LIST 304853058.IMG (contains "PO# 304853058 - NEW ORDER.exe")

MassLogger C2:
http://rowlinson-knitwears.com/themes/classic/assets/pn/upload.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 23:31:12 UTC
AV detection:
13 of 31 (41.94%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tc4uu2pfxo3t5hwwyzprvkkjwuhmwtr3o6jrn7qj624au72gctuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img 98b94a69e5bbb73e9ed6c65f1aa949b50ecb4e3b779316fe09f6b80a7f4614e9

(this sample)

MassLogger

Executable exe 291acc1800bb543e73f85a5ec925fba62d9af86f75091fd7993c20d4fe78e22c

  
Dropping
MD5 e1b530b53135e5f15c6ee5e07818d3dd
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 291acc1800bb543e73f85a5ec925fba62d9af86f75091fd7993c20d4fe78e22c

Comments