MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3f246ce9692ab908e3384120ee5ef294d73da87bb2a3356152427c43fd5bbda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: a3f246ce9692ab908e3384120ee5ef294d73da87bb2a3356152427c43fd5bbda
SHA3-384 hash: b9ead76e4a8830d58e86b998ed63d230878679f7a18b9c73fab00915f6c87d70c0fff3f54f3e6a7139f0a933aa27b9e3
SHA1 hash: 03cb6740cf4b6e3cb98a15384f6b0411f83626a3
MD5 hash: bdc0fb2d3a2d7422f48c10d995e1d281
humanhash: undress-apart-nebraska-happy
File name: PO NOAB1088 -890998767909766.pif.zip
Signature: MassLogger
File size: 644'159 bytes
First seen: 2020-07-13 06:58:42 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:pYW+3si3hraakqpgKBVcp9KNBN13FPzpwuaQNURsP8fypn0f2Wu74e6T8LGeKS:tgvsakqfVk9KbptTNgsPYyp0fs7tsS
TLSH: 2DD433A2376F7AEB1F1C4CFD58EBF2325A1C40DA42B9D8CDB2E2455D1846EA31885F14
Reporter: abuse_ch
Tags: MassLogger zip


abuse_ch
Malspam distributing MassLogger:

HELO: montemuino.com
Sending IP: 185.222.57.163
From: VIKAS C E <nalmeida@montemuino.com>
Subject: Re: PO NO:AB1088
Attachment: PO NOAB1088 -890998767909766.pif.zip (contains "PO NOAB1088 -890998767909766.pif.exe")

MassLogger SMTP exfil server:
smtp.inprocorps.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-13 07:00:07 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip a3f246ce9692ab908e3384120ee5ef294d73da87bb2a3356152427c43fd5bbda (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
