MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cafdb96c01c40316073dcd570dd863c2962d593b087275d0b493608f1d8ca20c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: cafdb96c01c40316073dcd570dd863c2962d593b087275d0b493608f1d8ca20c
SHA3-384 hash: 3f3818a7f8250829b4ea0793a50c2f85abc32d4476fac80434e19bc6c418f90f94e42caae06128af3b89208ef67f6b65
SHA1 hash: 8cb36307305a97ccacf6c7e47f946ea28e843862
MD5 hash: 77d0eae3d4be21ec4b5b10b734c2db32
humanhash: delta-steak-apart-winter
File name: QUOTE-FILE476544567493478.pdf.xz
Signature: MassLogger
File size: 580'138 bytes
First seen: 2020-08-08 09:03:04 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:nWLNwqUcPBQf+kYLco3Ofw09MwvvGeSO3vSKZP39GhAKh:ahPBk+VYo+fjCwv4O3vSYP39mFh
TLSH: 13C4336C7C8610EE180F1B6B7D935E92258C72ABA54E5E0DC07D2D5E9C58EAC3C37B42
Reporter: abuse_ch
Tags: MassLogger, xz


abuse_ch
Malspam distributing unidentified malware:

HELO: folla.com
Sending IP: 155.94.136.61
From: Mr. Sayee Varma <hazel@folla.com>
Reply-To: Mr. Sayee Varma <hazel@folla.com>
Subject: PI. quote
Attachment: QUOTE-FILE476544567493478.pdf.xz (contains "QUOTE-FILE476544567493478.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-08 03:25:45 UTC
AV detection: 18 of 28 (64.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip cafdb96c01c40316073dcd570dd863c2962d593b087275d0b493608f1d8ca20c (this sample)

Delivery method: Distributed via e-mail attachment
