MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d868a76690c67161b3c2961defc05d375eb1adccc7f5b1cc8b0a3908ee98f61d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 3



SHA256 hash: d868a76690c67161b3c2961defc05d375eb1adccc7f5b1cc8b0a3908ee98f61d
SHA3-384 hash: fe80f214f7ca18d590e0df67995c92ba688276db5d703a8659c5913fb8cb15cc7bf95ef994c6afdb4aa5ae76f1cb5fcc
SHA1 hash: 5d5849ec40de2a8c045a2aebffa6885d38af0cf6
MD5 hash: 7bd6714745d0074d34e5e42d57a13b33
humanhash: earth-salami-september-crazy
File name: invoice 2.GZ
Signature: MassLogger
File size: 915,243 bytes
First seen: 2020-06-10 08:55:18 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 24576:8JBI1iic9E83eeiKVQz42oWDYbuvvQmzmV0Tz:8zI15c974oWDYi20n
TLSH: 7B15336CE231C0DDC2784EC622B407753676E591E1E1B374CB492481BEA137AF6B6A73
Reporter: abuse_ch
Tags: gz MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: colleen.ml
Sending IP: 103.133.106.246
From: Export Department <lauren@colleen.ml>
Subject: paid invoice
Attachment: invoice 2.GZ (contains "invoice (2).exe")

MassLogger SMTP exfil server:
mail.surgicalfacemasksdistributors.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-10 08:56:07 UTC
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: MassLogger
    gz d868a76690c67161b3c2961defc05d375eb1adccc7f5b1cc8b0a3908ee98f61d (this sample)
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
