MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb47e0c7e88566227a0ee6753a8b64f10cde705e675ed00d885ecc7bcf439246. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb47e0c7e88566227a0ee6753a8b64f10cde705e675ed00d885ecc7bcf439246
SHA3-384 hash: 71d984309af5a9e7ab4b0b13348869ec8040140f3078fa8dd0f5deb2d14d9f16a68732404edc4a148e02dd2f485b5c9a
SHA1 hash: c4d4a5e5c9fb9b19a2c310286e216a0f3e7a2de4
MD5 hash: 3ebb732580f04a7a48fd605a561b2942
humanhash: ohio-seventeen-blue-echo
File name:DORNER COTIZACION 220420.pdf________________________________.z
Download: download sample
Signature MassLogger
Create hunting rule
File size:865'618 bytes
First seen:2020-06-18 15:55:24 UTC
Last seen:Never
File type: z
MIME type:application/gzip
ssdeep 24576:ThmzxUpA3LrhyGCoK/HQaMIrqpAhByrEZABUuWgseU:ThmzGpA3dCHwIPaEizWvV
TLSH 5F0533A2D6421BE040AD2B3D78B9DB2AC4A52A634F8F41B077754BED70D50E107F8DE6
Reporter abuse_ch
Tags:MassLogger z


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: promegg.com
Sending IP: 37.49.224.119
From: Ramos, Humberto <info@promegg.com>
Subject: CotizaciĆ³n 205173
Attachment: DORNER COTIZACION 220420.pdf________________________________.z (contains "DORNER COTIZACION 220420.pdf________________________________.exe")

MassLogger SMTP exfil server:
mail.devor.com.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-18 16:36:16 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5nd6br7iqvtce6qo4z2tvc3e6egn44c6m5pnadmil3ghxt2dsjda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

z eb47e0c7e88566227a0ee6753a8b64f10cde705e675ed00d885ecc7bcf439246

(this sample)

MassLogger

Executable exe a57ff9fb7a275ee39503e49844a4abb1c71854d95e3533880153ad5b511c4c26

  
Dropping
MD5 6f92eb4fabbe864b28b2b878ba592474
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a57ff9fb7a275ee39503e49844a4abb1c71854d95e3533880153ad5b511c4c26

Comments