MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2756dc3ce7107bc0f97b4672636c24f9b27f92d822476e5157b15dff29d4218. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: a2756dc3ce7107bc0f97b4672636c24f9b27f92d822476e5157b15dff29d4218
SHA3-384 hash: d393005bbbdd859770dfe7ae0c66a0f9f7c33261806afce96a127e082058a723be764b3c0486b9f1eeec1afbc9aa35d5
SHA1 hash: 12d744d6a28d8d463c143440efde32c3abe5cb82
MD5 hash: 168a743b2692422c28cbc60e32e40d24
humanhash: louisiana-summer-high-monkey
File name: SCAN 0004 order lists.PDF_____________________.r00
Signature: MassLogger
File size: 647'854 bytes
First seen: 2020-07-03 06:41:56 UTC
Last seen: Never
File type: r00
MIME type: application/gzip
ssdeep: 12288:A74tidt8/yj8MTo+85WqSN+TFjR2gzihRCVXvwm998fXqt8UTATIm:AMtidt3E+uSN+TF4gih8lTCqSUTAMm
TLSH: 6DD423F4CEB9860481560FE2F40D84CAC6BBA87D721D57C3DC92B40AE87DAE4CB554E6
Reporter: abuse_ch
Tags: MassLogger, r00


abuse_ch
Malspam distributing MassLogger:

HELO: eleasunn.com
Sending IP: 38.68.38.14
From: info@eleasunn.com
Subject: Quotation
Attachment: SCAN 0004 order lists.PDF_____________________.r00 (contains "SCAN 0004 order lists.PDF_____________________.exe")

MassLogger SMTP exfil server:
mail.devor.com.mx:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-03 06:43:07 UTC
AV detection: 28 of 47 (59.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r00 a2756dc3ce7107bc0f97b4672636c24f9b27f92d822476e5157b15dff29d4218 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
