MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0756f168f54383df4e486dc406bb01fcf10872d3fe6a7e449754082331336371. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 0756f168f54383df4e486dc406bb01fcf10872d3fe6a7e449754082331336371
SHA3-384 hash: 498f3748185bfe7bf2af2dcc386323f04d19c946feb8acaa6a37e08c98eb6a627af0e2f54f08a64799cb0cbc88af88d4
SHA1 hash: 02ade59775c40b3aa0012ad966b0f98074cfaab7
MD5 hash: 538ac94936d386c19496f56586d05d8c
humanhash: carpet-violet-winner-wisconsin
File name: DHL-e2RmZjk.r07
Signature: MassLogger
File size: 802'230 bytes
First seen: 2020-11-05 09:47:04 UTC
Last seen: Never
File type: r07
MIME type: application/x-rar
ssdeep: 24576:9n3htkosfw/5TWgVr4SUqJULvldyStYon:93hjew/5T58qJSNdyStYS
TLSH: 410533A299B261CCBEF73DAC07F3A91C17AA9EF0449C80BA1F168EDC385775194E3511
Reporter: abuse_ch
Tags: DHL ESP geo MassLogger r07


abuse_ch
Malspam distributing MassLogger:

HELO: dhl.com
Sending IP: 156.96.156.216
From: DHL Express Turkey [Marketing & CustomerService Apps] <burak.sarikoc@dhl.com>
Subject: Documentos de envío de DHL
Attachment: DHL-e2RmZjk.r07 (contains "E004778244.COM")

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-04 16:55:42 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r07 0756f168f54383df4e486dc406bb01fcf10872d3fe6a7e449754082331336371

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
