MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7d1887eb7a9762107c04b02a93014df0869620b287579da38f922f7989c8111. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 2



SHA256 hash: c7d1887eb7a9762107c04b02a93014df0869620b287579da38f922f7989c8111
SHA3-384 hash: 85da1b6ff99f07f7e5d0e72555b5d436432889ca559847294c3e16063e41842dce6995e59364427e8b79903c27cfcc6c
SHA1 hash: 6cbf4b09d4dab6a2e35573f5083db9682d7ff8b8
MD5 hash: 11d4191b4fbaaaf6de25f349151fd1f7
humanhash: oven-tennis-winner-magnesium
File name: Our New Order May 27 2020 at 2.30_PVV440_PDF.img
Signature: MassLogger
File size: 1'900'544 bytes
First seen: 2020-05-27 11:31:31 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:ISJ6NccP0x59tlyXwHq5xNCvK4pdlnt0h:IPk9DzHs2Kalnt
TLSH: FE955B2735828408C53A42790079EAC5AAF667813616C72EF69F630B4F82F7F7B911DD
Reporter: abuse_ch
Tags: img MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: server.lazul.com
Sending IP: 82.194.91.57
From: Biberiye Ahlam <direccion@eucov.com>
Subject: RE: AW: Our New Order No. 155717
Attachment: Our New Order May 27 2020 at 2.30_PVV440_PDF.img (contains "Our New Order May 27 2020 at 2.30_PVV440_PDF.exe")

MassLogger SMTP exfil server:
mail.pooldeexcursiones.es:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agenttesla
Status: Malicious
First seen: 2020-05-27 11:35:47 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 13 of 30 (43.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img c7d1887eb7a9762107c04b02a93014df0869620b287579da38f922f7989c8111

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment

Comments