MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03fa8086a22680d5f35280f2cd75e5878a717f18c86f18bec54be8f735e925e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 03fa8086a22680d5f35280f2cd75e5878a717f18c86f18bec54be8f735e925e6
SHA3-384 hash: 66ea44be682f4e9ba0f74ec33a0f8a7b191ebd0b78c5c11121776eae01bdda746a8492ca93c720052fd506de8c2f4d14
SHA1 hash: 6de80f02115d08a024009ada1ee4f3e9ffd26464
MD5 hash: 6d9372e476cfef4274c73341061f21d4
humanhash: cup-arkansas-nitrogen-missouri
File name:Invoice and packing list PDF.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:695'066 bytes
First seen:2020-10-15 10:36:57 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:FmhKRn7B2nSNaDRfo6WiTDyamv9Gf/kpdmdIFQg3wKHzZN+qKC8U4d/H:FaCn7QnSNGV+iyamYnwPF/wAzZUwk
TLSH 55E42300596D4DBF9B93DB47634FF25EA07468E45B2DB2A03E91B684347B0B4C5BD80B
Reporter abuse_ch
Tags:DHL MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: srv1.demspor.com
Sending IP: 31.169.94.221
From: DHL International <mkule@rekordtekstil.com.tr>
Reply-To: DHL International <portoviro.asso@gmail.com>
Subject: Re: Your Shipment invoice & packing-list
Attachment: Invoice and packing list PDF.rar (contains "2baba (7).exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/03fa8086a22680d5f35280f2cd75e5878a717f18c86f18bec54be8f735e925e6/
Threat name:
Win32.Trojan.LokibotCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-10-14 18:40:20 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ap5ibbvce2anl42sqdzm25pfq6fhc7yyzbxrrpwfjpuponpjexta._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/03fa8086a22680d5f35280f2cd75e5878a717f18c86f18bec54be8f735e925e6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 03fa8086a22680d5f35280f2cd75e5878a717f18c86f18bec54be8f735e925e6

(this sample)

MassLogger

Executable exe 102053c0be40cdc3daca5a7482b8572f5134e10bfe144137c64566a94a5e20b3

  
Dropping
MD5 d75e7438b8cc97abfde414ab0f8101a9
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 102053c0be40cdc3daca5a7482b8572f5134e10bfe144137c64566a94a5e20b3

Comments