MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d1e4af19c39ae4e83071f8e32ae2485809d0bf7c07a5aba75b6e9565dab4167. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 0d1e4af19c39ae4e83071f8e32ae2485809d0bf7c07a5aba75b6e9565dab4167
SHA3-384 hash: 1d674bd26d46f8ca842e9b87231b49955a2a1c1c3d3b7b6c28fc866575824a9328d24cb1439217b1faf6ae57ecf73032
SHA1 hash: 27ae19281712e7413d9a34a9494b382783f4719a
MD5 hash: 174f29db73cb9e4b3d54bc1ede1ff488
humanhash: victor-cola-robin-paris
File name: INQUIRY_382020.rar
Signature: MassLogger
File size: 973'638 bytes
First seen: 2020-08-03 12:57:41 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:2gHlNRAWa1PI357wK+MrRLtD1YnDJLVLg07+BR:zH7Rr+PU57Y8RhmDFRgN
TLSH: 512533540AF711E9CC8685E77FDEC6A1D9972C12417EAA332D01FC2F2F6705A26488DB
Reporter: abuse_ch
Tags: MassLogger, rar


abuse_ch
Malspam distributing MassLogger:

HELO: hal-lndia.co.in
Sending IP: 5.188.93.228
From: Helen Lui <sales@hal-lndia.co.in>
Subject: Product Inquiry / Offer
Attachment: INQUIRY_382020.rar (contains "INQUIRY_382020.exe")

MassLogger SMTP exfil server:
smtp.yandex.com.tr:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-03 12:59:05 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 0d1e4af19c39ae4e83071f8e32ae2485809d0bf7c07a5aba75b6e9565dab4167

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
