MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e54725e8375c6c92172a241bf9b32f3278af2f56d0176e15033f197236594c93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: e54725e8375c6c92172a241bf9b32f3278af2f56d0176e15033f197236594c93
SHA3-384 hash: 72018df92198e6662e908620dbe471ccdf43243925b07dd33aaa141cf966ee3ae5af7a75084b58540fa6f80ab68b0938
SHA1 hash: d118d373cac72da59943d9e9873a937d89490add
MD5 hash: 42037838a4fe7b1c88f3e5619df9d249
humanhash: wyoming-golf-batman-uniform
File name: shipping documents.ace
Signature: MassLogger
File size: 891'716 bytes
First seen: 2020-07-07 08:25:02 UTC
Last seen: Never
File type: ace
MIME type: application/x-rar
ssdeep: 24576:gxvIcheCkFT48s4ZMKhdfcrdtOhRHlf2/E9GATfGyzJEOHi:g9Xpk5494ZMK/aip2/E9BTOyz5i
TLSH: 0215331DB736B56FD6B944DD1DA0C4876B4748FAD6803C432C6DBD2AE1224BAB3081BD
Reporter: abuse_ch
Tags: ace DHL MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: vps-1170671-9289.hosting-solutions.pl
Sending IP: 46.41.132.108
From: DHL Express logistics <eg.tracing@dhl.com>
Subject: DHL Shipment Arrival Notification
Attachment: shipping documents.ace (contains "shipping documents.exe")

MassLogger SMTP exfil server:
mail.elkat.com.my:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-07 08:26:13 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

ace e54725e8375c6c92172a241bf9b32f3278af2f56d0176e15033f197236594c93 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
