MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a96a475be3398490fb0cb4e92cb758e7c8bba0f866f8fec08349043c7ea8313c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: a96a475be3398490fb0cb4e92cb758e7c8bba0f866f8fec08349043c7ea8313c
SHA3-384 hash: 392cec5b6cd4eebbef78aaf5d1cf4877a7510494b52882a28ef5e79c0d10936881753aa75c87a7ee6fb52437cf7747f5
SHA1 hash: 7576d951e4d4ef00bc204581068d163b6d7adfe6
MD5 hash: 0d16e908f991fb5a9ce6dbbabe4d9aa6
humanhash: bakerloo-missouri-minnesota-cold
File name: Emailer Quarterly Tax Returns for April and March 2020.gz
Signature: MassLogger
File size: 1'964'420 bytes
First seen: 2020-05-21 10:15:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:WMdnYLclDgrmrs6JvBbSm/Zet8npyzCTiQSBbw+pO:HxYLoZrsKvBjhWRsi/w+U
TLSH: 31953364C1BAACBEDB11AC1A2F14928B7C32F846FFA6F26301BFDC265551085654ECF1
Reporter: abuse_ch
Tags: gz, MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: vps.boeschboddenspies.com
Sending IP: 45.95.169.119
From: FTA Communication <info@boeschboddenspies.com>
Subject: VAT Return Filing and Payment Notification
Attachment: Emailer Quarterly Tax Returns for April and March 2020.gz (contains "Emailer Quarterly Tax Returns for April and March 2020.exe")

MassLogger SMTP exfil server:
smtp.ge-lndustry.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-21 10:37:08 UTC
File Type: Binary (Archive)
Extracted files: 14
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip a96a475be3398490fb0cb4e92cb758e7c8bba0f866f8fec08349043c7ea8313c

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
