MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e398d25e5ee3fa2ef17eda10103e1c39c7ddc36b9ccd06d3de5c1cc25141fe76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: e398d25e5ee3fa2ef17eda10103e1c39c7ddc36b9ccd06d3de5c1cc25141fe76
SHA3-384 hash: e68d21cbba30edcdef78aafb3bc0035fd9abfb8e51c2ce0c16244d863da34d71b0edf4ef85dbe44ef70620949f35dbb1
SHA1 hash: a3f3f4ec3b702c5fbe3e6ae421962ea9f0c4e578
MD5 hash: a7bf1ba14bcca162e2c16645e3dfa1d9
humanhash: north-foxtrot-early-shade
File name: file.zip
Signature: MassLogger
File size: 972'011 bytes
First seen: 2020-06-03 08:13:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:hVI5YrK3Wb156XuFEDtVHi4PJ7YQ0Kpsl210wwGR9:LcV3e56+FEDtzwKr1cA9
TLSH: 922523B0E189732F664260DB44FD9411CB8F1A0BE3363E967563781F5DB982BD867388
Reporter: abuse_ch
Tags: geo GRC MassLogger zip


abuse_ch
Malspam distributing MassLogger:

HELO: pl1.azuni.net
Sending IP: 37.26.26.70
From: info@nigico.gr
Subject: Re: Σχετικά με τη νέα παραγγελία
Attachment: file.zip (contains "order.exe")

MassLogger SMTP exfil server:
smtp.gmail.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Genkryptik
Status: Malicious
First seen: 2020-06-04 04:29:39 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip e398d25e5ee3fa2ef17eda10103e1c39c7ddc36b9ccd06d3de5c1cc25141fe76 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
