MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01617e0cf47c2d79cc79a14ae68f877b5e3736cbe9111d962384f45d71f5e9a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 01617e0cf47c2d79cc79a14ae68f877b5e3736cbe9111d962384f45d71f5e9a9
SHA3-384 hash: fd9ca9c33d78241c35b274b11530083b848819d26f44c6e2e127579d7e4f491beb069da477bd3c11903220e83c58d971
SHA1 hash: 1fef2250e2becac349f940c4d0dd18f7e1403c8e
MD5 hash: 33453429559e3cddae935cd62420d8a7
humanhash: solar-snake-uniform-skylark
File name: Inquiry -Batenburg Bevestigingstechnie QO202000182________________________pdf.zip
Signature: MassLogger
File size: 825'908 bytes
First seen: 2020-06-03 10:11:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:ZOjWXZ8mn4Et9/DPQsy6rrfqxIJOsb7oPb6WaXyeCF0vYfKn:DZxD/ykfqxdsbkPBaXyeg0vYfKn
TLSH: 010533D4098C60B889077D5FCB06A457BDC7EED3AE2C678F0245F93550B3406BD6AA8B
Reporter: abuse_ch
Tags: MassLogger zip


abuse_ch
Malspam distributing MassLogger:

HELO: vps.0apil.com
Sending IP: 45.95.169.74
From: Kuttaiyappan Arangarajan <info@magaliescitrus.co.za>
Subject: AWW: Inquiry -Batenburg Bevestigingstechnie QO2020001827
Attachment: Inquiry -Batenburg Bevestigingstechnie QO202000182________________________pdf.zip (contains "Inquiry -Batenburg Bevestigingstechnie QO202000182________________________pdf.exe")

MassLogger SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 10:36:24 UTC
File Type: Binary (Archive)
Extracted files: 14
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 01617e0cf47c2d79cc79a14ae68f877b5e3736cbe9111d962384f45d71f5e9a9 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
