MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df805bf0adbd20c24cf85af5822222cc00e4f8776a6630598add541a1ebfb1c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: df805bf0adbd20c24cf85af5822222cc00e4f8776a6630598add541a1ebfb1c5
SHA3-384 hash: 0136556d341781bbb7462000a5b969380125b4015b3da13fb2372d3969de9b3243854fb2656323825d83ab8a041f91f7
SHA1 hash: e4f0f53de7e9996a147dfa3f8f5dbea8b958bd66
MD5 hash: b4acc476e1cc67d98d5852aa52b2bc15
humanhash: apart-golf-autumn-social
File name: RFQ __SUPPLY ORDER.rar
Signature: MassLogger
File size: 882'371 bytes
First seen: 2020-08-14 06:12:17 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:VhKYBSId64W9nOi/KRJr+WH2YX0zzUReTKclV:VJdMb9nO9RJrxH2YVQWcV
TLSH: 6A1533371E18F33BD58502680558C929E3B61EEBBC90CD9E8807F9E965F25ED97813E0
Reporter: abuse_ch
Tags: Endurance MassLogger rar


abuse_ch
Malspam distributing unidentified malware:

HELO: qproxy3-pub.mail.unifiedlayer.com
Sending IP: 67.222.38.20
From: mportaciones AGROVIER SRL <importaciones@agrovier.com.bo>
Reply-To: importaciones@agrovier.com.bo
Subject: PO 114913 REQ 110243
Attachment: RFQ __SUPPLY ORDER.rar (contains "PO_2020130837727_288377233.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-14 06:14:06 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar df805bf0adbd20c24cf85af5822222cc00e4f8776a6630598add541a1ebfb1c5 (this sample)

Delivery method: Distributed via e-mail attachment
