MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c35efac9d16552df2c7020672b7a1b10f18922aa7c52b1f2b9418a2fa2802570. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: c35efac9d16552df2c7020672b7a1b10f18922aa7c52b1f2b9418a2fa2802570
SHA3-384 hash: 461ddc6aee53dd462f6213d36e3d6c01b151742790f91d870f37d979f500ea44740158c661f8b40f0b94f039fe1ace2d
SHA1 hash: 7e706601b1ce37947451bf0e1ada40be2cdef351
MD5 hash: 0702d67039d4a679a0827f0fe234a18f
humanhash: nebraska-failed-nitrogen-colorado
File name: Erenrcompany.CAB
Signature: MassLogger
File size: 1'249'966 bytes
First seen: 2020-05-20 11:56:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:ceNxy+DmBQm1Eunm4kjiGqA5fI4LLgP33eB2sWursBPTNFROpM9wIoGbQ4HA6i9t:TNxXDm1rYOrA7ofeoiK6Io94KkV2V
TLSH: 13453365B3BC6889697E11394E3B83BCBE340E0B899442FB7F451497BEA1CD80F5D5A0
Reporter: abuse_ch
Tags: cab geo ISR MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: eepsjc1-02.nexcess.net
Sending IP: 104.207.238.163
From: ErenrCompany <irene@erenrcompany.com>
Reply-To: jonah@briistol.com
Subject: שאלה למוצרים מצורפים [05020]
Attachment: Erenrcompany.CAB (contains "Erenrcompany.exe")

MassLogger SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-20 12:35:58 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip c35efac9d16552df2c7020672b7a1b10f18922aa7c52b1f2b9418a2fa2802570 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
