MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d963a8bbee3dc82f6ad73dcad4ce4d87b3c38e1a90d50e142fdc1a27a3e4329c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: d963a8bbee3dc82f6ad73dcad4ce4d87b3c38e1a90d50e142fdc1a27a3e4329c
SHA3-384 hash: d99a87b82a7d03175792ec768bc70cb02e19ddaabe16d1d3dc46565713adebff3f258f9b9b0e3ba92d1477276a8fcdb8
SHA1 hash: 5f6907edd23780da14fbd74112f87d2819db51c1
MD5 hash: 9a9ee66efc04e56e83db7ba5a3f516f3
humanhash: nitrogen-nevada-robin-coffee
File name: PETRONAS MALAYSIA INVITATION TO BID FOR Provision of Engineering, Procurement, Construction, Install
Signature: MassLogger
File size: 1'245'184 bytes
First seen: 2020-08-13 11:46:16 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:Am/azCGHwiJ6ATLJAuFMz16ERFX44tCA//Dt5AVg3ZhqHUCDhNV4l3UxWt0q:PazCGHdJHmbX4AD//DP7HWP74R8WSq
TLSH: 9F452357ABECA235F53650F393F2B72187A0A4871A27535F75CEA58D8700B904CE2F86
Reporter: abuse_ch
Tags: MassLogger


abuse_ch
Malspam distributing unidentified malware:

HELO: we.webtechcool.live
Sending IP: 45.95.171.44
From: Ibrahim Mohammed <Ibrahim-Mohammed@petronas.com>
Reply-To: Ibrahim Mohammed <info@petrochemicalhousecube.xyz>
Subject: PETRONAS MALAYSIA INVITATION TO BID FOR Provision of Engineering, Procurement, Construction, Installation and Commissioning for PEGAGA Development Project – Mubadala Petroleum6
Attachment: PETRONAS MALAYSIA INVITATION TO BID FOR Provision of Engineering, Procurement, Construction, Install (contains "PETRONAS.EXE")

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

iso d963a8bbee3dc82f6ad73dcad4ce4d87b3c38e1a90d50e142fdc1a27a3e4329c (this sample)

Delivery method: Distributed via e-mail attachment
