MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07a092c1770ce812ae35ae8f1b5a6d1e4ff4bdc8bdc9fc47ee04a863ada28c4c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 07a092c1770ce812ae35ae8f1b5a6d1e4ff4bdc8bdc9fc47ee04a863ada28c4c
SHA3-384 hash: 0093a5b380dcabf096cc09f93aec8610db2bde0817d6011f4da00204d30ce36da21694315dc99a0d6f1b1acc65f4eafa
SHA1 hash: 31cffe81e16ffe806701a1905389a5f34e48003c
MD5 hash: 9124c84fc995a81fb2bb300d54b894af
humanhash: lake-mexico-alabama-video
File name: URGENT RFQ-PO.rar
Signature: MassLogger
File size: 1'007'567 bytes
First seen: 2020-08-20 06:25:49 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:EwRMlQ5iUBGxygmIQ//afuH4ownhjeXJnnDs/yz:EwRMduH//vMnJeJ/z
TLSH: 2B2533B95E7E5CC3503D095E56E0FC902161CBA733BEB4E2D20D5E269E63728B291D38
Reporter: abuse_ch
Tags: MassLogger rar


abuse_ch
Malspam distributing unidentified malware:

HELO: 156.96.62.199
Sending IP: 156.96.62.199
From: Danh Bopha <info_tone@tonegawaseiko.co.jp>
Subject: URGENT RFQ-PO #50763
Attachment: URGENT RFQ-PO.rar (contains "New_Order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-20 06:27:04 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 07a092c1770ce812ae35ae8f1b5a6d1e4ff4bdc8bdc9fc47ee04a863ada28c4c (this sample)

Delivery method: Distributed via e-mail attachment
