MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d691b9659a18c0d257cf10a825f68e95efd3817177453a20ea757005d2b035c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: d691b9659a18c0d257cf10a825f68e95efd3817177453a20ea757005d2b035c0
SHA3-384 hash: 7122343ac5e77381d698798a02abaed0d4d00ab9db67ce54996573f8d5895b497f55be00ddc1cee04074fa54f76fdd2b
SHA1 hash: 8303bd2214edc5fc7a4df10f8789f29eedee2aa8
MD5 hash: 9e3cbd6324436a97e1af52cc7674d63a
humanhash: asparagus-uranus-two-louisiana
File name: PO 2008403004.IMG
Signature: MassLogger
File size: 1'966'080 bytes
First seen: 2020-06-11 06:12:51 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:TWaU3A6VEt61JTU+XpkX/+sVjYVLQJvNA5jU8qgPUi5e+PaOvcgG+I:c3A6N1JTVpkbVjaEjWqgPUi5xPa
TLSH: BE955B3A74825914C2280636806995C0A3F6AF853693CB1FF5AB335B4F32B9F7B164DD
Reporter: abuse_ch
Tags: HostGator img MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: gateway31.websitewelcome.com
Sending IP: 192.185.143.46
From: Claudia Van <Claudia.tigerlily@tigerlily-vn.com>
Subject: R: New Inquiry for Covid-19 project/PO-2008403004
Attachment: PO 2008403004.IMG (contains "PO# 2008403004 - NEW ORDER.exe")

MassLogger C2:
http://talleresaramia.com/themes/default-bootstrap/img/icon/obc/upload.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Agensla
Status: Malicious
First seen: 2020-06-11 06:14:17 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img d691b9659a18c0d257cf10a825f68e95efd3817177453a20ea757005d2b035c0

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
