MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f63fab350ae884c55e1e399abfdec150a3db27402311dc5d48ce6ef101930a4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f63fab350ae884c55e1e399abfdec150a3db27402311dc5d48ce6ef101930a4d
SHA3-384 hash: 70f43006a3e390a69283c55b256d764915476f1510371ad4c1ebbda9de3b518ddaaf5084ecf1662881a9335737c3336c
SHA1 hash: 814806bf2b01322c03e37988937e62fa924b0ffe
MD5 hash: efda5b6570d56f9c9fb244211e1c1eec
humanhash: white-beer-paris-social
File name:DHL_May 2020 at 06.1_8C7290_PDF.img
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'376'256 bytes
First seen:2020-06-02 17:04:21 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:Tiwoh1pK7twlZ+lKp7KZ6lxV1iqCTuO9MNj:GK7tW+Mp0I1bBl
TLSH A855125972643B8FC86BC5B489902C74A77061635213D3A7AC2B60FA2F1EBC39F580C7
Reporter abuse_ch
Tags:DHL img MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: torrespardo.ncloud.es
Sending IP: 185.57.172.23
From: DHL Customer Support <noreply@dhl.com>
Subject: Re: DHL Notification / DHL_AWB_0011179303/ ETD
Attachment: DHL_May 2020 at 06.1_8C7290_PDF.img (contains "DHL_May 2020 at 06.1_8C7290_PDF.exe")

MassLogger SMTP exfil server:
mail.kogep-k.hu:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 17:36:52 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
12 of 48 (25.00%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6y72wnik5ccmkxq6hgnl7xwbkcr5wj2aemi5yxkizzxpcamtbjgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img f63fab350ae884c55e1e399abfdec150a3db27402311dc5d48ce6ef101930a4d

(this sample)

MassLogger

Executable exe 7573a215a8c55cef7dd88267f3df3561fea190c207eb09cae2b59641945748d4

  
Dropping
MD5 e4707e252ef3e7a6477c63a1a0350129
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7573a215a8c55cef7dd88267f3df3561fea190c207eb09cae2b59641945748d4

Comments