MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac90dc8f8c4af0280c46e9523d54375ce27fcc6173301d127758f9842e592bcb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ac90dc8f8c4af0280c46e9523d54375ce27fcc6173301d127758f9842e592bcb
SHA3-384 hash: 8bec5b0be3b0effa85c48527c0c5665a12d304f7f989cf893abbd92c236029007b2ae384e452bdc2e68c7c63bce94cfb
SHA1 hash: e7195fa5a144691d93082194d9d5af2bcba8e0bf
MD5 hash: 10a98d611d1cb897fb28093dcc8c2604
humanhash: kilo-whiskey-london-sierra
File name:file.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:670'651 bytes
First seen:2020-06-04 06:23:33 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:vDaYDrKMfQsmBohGMOhHDk8lYGzWnowmam0prXjLrezgnPGcCxXTzYbp6Qr3ie:baYyMA6hGMOhR4owmafjj/kguVJnIh
TLSH F3E4334973EB5258261FAF6B39C92501EECF4A7D4C1E17C83021909FE1BC63CAE5B256
Reporter abuse_ch
Tags:geo MassLogger THA zip


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: hosting12.ji-net.com
Sending IP: 203.130.149.250
From: kamonwan@dextragroup.com <adm.alpinku@gmail.com>
Subject: ยืนยันการชำระเงินล่วงหน้า 40%
Attachment: file.zip (contains "file.xe")

MassLogger FTP exfil server:
desguacespalomino.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 06:37:49 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vsinzd4mjlycqdcg5fjd2vbxltrh7tdbomyb2etxld4yilszfpfq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip ac90dc8f8c4af0280c46e9523d54375ce27fcc6173301d127758f9842e592bcb

(this sample)

MassLogger

Executable exe 5ac7829c9c8f38d2e9494f433e262b9dd03d524728567147bc9d0967abb008f2

  
Dropping
MD5 7163060d4a79c64528f10aa772e26a51
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5ac7829c9c8f38d2e9494f433e262b9dd03d524728567147bc9d0967abb008f2

Comments