MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b7bc569080b650452e38583f7391c0340b30c9e13d016f4bbb7d093eb2bb7e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b7bc569080b650452e38583f7391c0340b30c9e13d016f4bbb7d093eb2bb7e7
SHA3-384 hash: adfe145f575ba825aee93fa3f6b0f99df39450def10f664921b8596d55c152939d8e6a741d8380673d4d8b7c0cf8ea3d
SHA1 hash: 54c120df2d7539811e45e724d43d60ef12e63ebd
MD5 hash: 8af4ebdf9237148900125db4ba1e0f43
humanhash: sad-iowa-equal-three
File name:Payment Copy_pdf.gz
Download: download sample
Signature MassLogger
Create hunting rule
File size:598'473 bytes
First seen:2020-07-09 06:28:41 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:Pn/hscAd4nLFp6yALFP6F4Hb0ebcBiPvx1u7e8O3ydWvxEE0ncE://idCF244Hb0RM//8O2SxxvE
TLSH E5D42363A6F34EE7911074AD3CC9B6E22076CD225B50509637F5CFD3B523A27E9B801A
Reporter abuse_ch
Tags:gz MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: max.dlriv.com
Sending IP: 141.105.64.198
From: Amy Predentt<amabvi@predentt.com>
Subject: Payment Copy
Attachment: Payment Copy_pdf.gz (contains "Bank Statement_pdf.exe")

MassLogger SMTP exfil server:
mangero.xyz:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b7bc569080b650452e38583f7391c0340b30c9e13d016f4bbb7d093eb2bb7e7/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 06:30:07 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bn54k2iibnsqiuxdqwb7ooi4analgde6cpibn5f3w7ijh2zlw7tq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz 0b7bc569080b650452e38583f7391c0340b30c9e13d016f4bbb7d093eb2bb7e7

(this sample)

MassLogger

Executable exe e91593299dba4d7f9362c8d64e701413af0384f0f7ecca356ab138497f3a8e4d

  
Dropping
MD5 1c3985f5c3ad3e9a5394d093237ecd72
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e91593299dba4d7f9362c8d64e701413af0384f0f7ecca356ab138497f3a8e4d

Comments