MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8f1ff7249279c3a492eea283f2d88e32135e8683338b5d416e58a5c32554cc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d8f1ff7249279c3a492eea283f2d88e32135e8683338b5d416e58a5c32554cc7
SHA3-384 hash: ddb56c3122372681bee6e951fc6107754dc375d06c02aa218a9c632820509b0e5c7c1a16b2c6aaa197768dd0e3f4b183
SHA1 hash: c90ae7b2bf85b4e525053b2abaa3ece27d7e73a7
MD5 hash: 8176a27a6c8ef7232df4b90267427fa6
humanhash: juliet-tennis-zebra-sixteen
File name: Request for new order.zip
Signature: MassLogger
File size: 809'580 bytes
First seen: 2020-06-30 09:01:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:s7WQ4aRx5QVR+RvCRf1fvfUVCjftwuDrG:syQ4aRkf3R9fvdj1wu/G
TLSH: 540533662F09D9CA2E49F177D89BC9F7BD8966D0A7233ACEA1C16388CD0DD4803E4071
Reporter: @abuse_ch
Tags: MassLogger, zip


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: server.linux61.papaki.gr
Sending IP: 138.201.206.39
From: info@toroslar.com.tr
Subject: Re: Yeni sipariş talebi
Attachment: Request for new order.zip (contains "Request for new order.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Medium

# of uploads: 1
# of downloads: 30
Origin country: FR
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/d8f1ff7249279c3a492eea283f2d88e32135e8683338b5d416e58a5c32554cc7/
ReversingLabs:
  Status: Suspicious
  Threat name: Win32.Trojan.Phishingpe
  First seen: 2020-06-30 09:03:09 UTC
  AV detection: 6 of 48 (12.50%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
VirusTotal: Virustotal results 12.12%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip d8f1ff7249279c3a492eea283f2d88e32135e8683338b5d416e58a5c32554cc7 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
