MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99d91b9ce9df1471fcdc6f7f13213714c06597b3a28e0dc5ed03514df1fcf1d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99d91b9ce9df1471fcdc6f7f13213714c06597b3a28e0dc5ed03514df1fcf1d9
SHA3-384 hash: 079c751e64630497ef80e6889d31c08a79c9d6a00746d51420acf0f12173d1c20bb01691e33af5498995b49f30f7c3a0
SHA1 hash: aa0e69f517b54a1bd3447b9dc8d9b593317b8a91
MD5 hash: 36379e697171894106b9f11d04a2d322
humanhash: mountain-carolina-ink-sweet
File name:Payment Advice -SWIFT Transfer.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:690'067 bytes
First seen:2020-06-24 07:37:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:w1Tyk41rDrG7LvTx/GfcI+Y6QlhAY00E1rlg3G3zfa2f6Sohm2D:UWka2x4l6Qd2lg38f6fm2D
TLSH AEE43369D47D2F2C01095DE18B96A449C0E5F8818D79FCA3A2E626F2543F6E343D88DB
Reporter abuse_ch
Tags:MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: onebank.com.bd
Sending IP: 37.49.230.191
From: ONE Bank Ltd< info@onebank.com.bd>
Reply-To: Email ADMIN <noreply@domain-admin.com>
Subject: Payment Advice -SWIFT Transfer
Attachment: Payment Advice -SWIFT Transfer.rar (contains "RERNUfz9gKRskHi.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/99d91b9ce9df1471fcdc6f7f13213714c06597b3a28e0dc5ed03514df1fcf1d9/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 07:39:05 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=thmrxhhj34khd7g4n57rgijxctaglf5tukha3rpnaniu34p46hmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 99d91b9ce9df1471fcdc6f7f13213714c06597b3a28e0dc5ed03514df1fcf1d9

(this sample)

MassLogger

Executable exe 7d56a78ec4597281ff8c36645c1ff7286cf3d494965a2acd6666ece2d8ff856b

  
Dropping
MD5 234622a7b5776ebdc4b3d1bbb9de5e3f
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7d56a78ec4597281ff8c36645c1ff7286cf3d494965a2acd6666ece2d8ff856b

Comments