MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0bf96baeec569010dc7acb82cd5f2bb7feacd9c5411dcd6d8fd53c9b316344ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 0bf96baeec569010dc7acb82cd5f2bb7feacd9c5411dcd6d8fd53c9b316344ce
SHA1 hash: 56b7e0e9918c0d12bc21c255bdba57e8fe7ae18c
MD5 hash: 41eeb21fde2e0191d466f6ac5f75b4b3
File name: Invio Estratto.exe
Signature: MassLogger
File size: 863'232 bytes
First seen: 2020-05-22 10:08:34 UTC
Last seen: 2020-05-22 10:51:47 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 24576:ymw9XPMqu7hohn4lg3bY0V+oSL259NOj:y3/c7wel0coSL2e
TLSH: 0A05F116538D156BEE9CC2BBC0D265040AF1906E219BE79DECB194EE8B0F7B3C98514F
Reporter: @abuse_ch
Tags: exe MassLogger


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: cloudhost-143971.us-west-1.nxcli.net
Sending IP: 173.249.144.86
From: GLS BARI <bari@gls-italy.com>
Subject: Invio Estratto Conto
Attachment: Invio Estratto.CAB (contains "Invio Estratto.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 24
Origin country: US
ClamAV: SecuriteInfo.com.MSIL.Kryptik.UCB.22051.UNOFFICIAL
VirusTotal: Virustotal results 25.00%

Yara Signatures


Rule name: masslogger_gcch
Author: govcert_ch

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe 0bf96baeec569010dc7acb82cd5f2bb7feacd9c5411dcd6d8fd53c9b316344ce (this sample)

Delivery method: Distributed via e-mail attachment
