MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db3f5a85a4dd42968822291edd900262eab373b0ac5fe29860a31585059d53fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: db3f5a85a4dd42968822291edd900262eab373b0ac5fe29860a31585059d53fd
SHA3-384 hash: 049c0d342089363b7d002672a6496cccc8a92912a87f5f62df5f33a9aa1abf809b2f8000edc53a0039efcc0d337a8c5f
SHA1 hash: 328a17b07956209f86ee0cab9b44abee27037945
MD5 hash: 1c80357e61dd3c2256349b554592d364
humanhash: music-pizza-beer-ink
File name:quotation.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:829'199 bytes
First seen:2020-06-17 10:14:09 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Mtve64qVYo3Av5qB6Xr0a+gNMEzLOWwh9emNKowKjGVR8DAWmYbZfWwS2qcuWLT2:Mr4Wf3NKrf2cy3koXjG4AhoHutoUTYk
TLSH 7F0533A38CE6908B5299E34955EBC76331FD6FCFDD17D4F8CCBCF92A2950A050868291
Reporter abuse_ch
Tags:MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: sg2plwbeout19-1.prod.sin2.secureserver.net
Sending IP: 182.50.144.34
From: <ramees@metalixllc.com>
Subject: Re: quotation
Attachment: quotation.rar (contains "XdPNOxd5afC8575.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 10:37:27 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3m7vvbne3vbjncbcfepn3eacmlvlg45qvrp6fgdaumkykbm5kp6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar db3f5a85a4dd42968822291edd900262eab373b0ac5fe29860a31585059d53fd

(this sample)

MassLogger

Executable exe afb36acc2f0bbabca29232e70f3d7aadc4106083e90b60dc432fbe1db98ddbf7

  
Dropping
MD5 4f9f52e3ae33cf1a8fed970bff236951
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 afb36acc2f0bbabca29232e70f3d7aadc4106083e90b60dc432fbe1db98ddbf7

Comments