MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6d6efece3b8baf2d0373c8adc270be90e9e6d48ffdf6c3253646075dd4c2fdc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e6d6efece3b8baf2d0373c8adc270be90e9e6d48ffdf6c3253646075dd4c2fdc
SHA3-384 hash: 9145423ece103c308c287c4ffcb37ac1a0c975aabbb2a4cf1076c0baf5d47528cf1ae1514b9268c490d9268adf3e4c43
SHA1 hash: cb1a11d812cfe21a25f303ebfe127b2d93e912be
MD5 hash: 20d5d1903fe7b2f11ee6e0736f1d657d
humanhash: cardinal-fix-snake-equal
File name:company letter_pdf_______________________________________.gz
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'632'109 bytes
First seen:2020-07-21 06:45:58 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 49152:jF0rrTivbLUczj9DqzAqlparU1K8xAg8qhbC8NM:jFA/sZEYU1P8qhbC8q
TLSH 987533B6DD27EA611D278310CC82A42616D2806EE7CBF6737D65B37F8A49E05CD192C3
Reporter abuse_ch
Tags:gz MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: auto-deal.gr
Sending IP: 209.58.149.66
From: CATHERINE<xasapi@auto-deal.gr>
Subject: RE: REQUEST FOR QOUTATION
Attachment: company letter_pdf_______________________________________.gz (contains "company letter_pdf_______________________________________.exe")

MassLogger SMTP exfil server:
smtp.dachanq.cc:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e6d6efece3b8baf2d0373c8adc270be90e9e6d48ffdf6c3253646075dd4c2fdc/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 06:47:09 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=43lo73hdxc5pfubxhsfnyjyl5ehj43ki77pwymstmrqhlxkmf7oa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e6d6efece3b8baf2d0373c8adc270be90e9e6d48ffdf6c3253646075dd4c2fdc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz e6d6efece3b8baf2d0373c8adc270be90e9e6d48ffdf6c3253646075dd4c2fdc

(this sample)

MassLogger

Executable exe b46571fd44360c7d8e9771a807c0914f419dc7dc69a43b475b537484a1aa5053

  
Dropping
MD5 f013528fbca058469f52035d94bea1af
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b46571fd44360c7d8e9771a807c0914f419dc7dc69a43b475b537484a1aa5053

Comments