MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 113efbec74f139421ece0835c230ff8d37f91ff109bfee42b501d25c6b149597. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 113efbec74f139421ece0835c230ff8d37f91ff109bfee42b501d25c6b149597
SHA3-384 hash: 1535815eeb3bdd73453aed9bce910dcefdd13bd7ac313cc054d516f6005da20a533d09dfe4bdb43dd90fd3bd2bff09cf
SHA1 hash: b164fc44c2d4c828d4a96a38bcc520a42f3427aa
MD5 hash: b7ce62a02fc1e293a7b29a893758e2f1
humanhash: single-july-edward-five
File name: Remittance Payment Report.7z
Signature: MassLogger
File size: 1'032'501 bytes
First seen: 2020-06-04 06:22:36 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:SC9HRx6XzxHifB7qQnIjwSXhbkf9nO6/mTqtYaPGc/O:x9HRx6XFgIjwSVa5DeWtYCm
TLSH: A42533DDCE34ED3A4D8F86888F4D416B19E3A8D9D55FA106FCE14E1A8B0925F73B6600
Reporter: abuse_ch
Tags: 7z, MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: serve0.debruijn2.pw
Sending IP: 173.82.168.54
From: "Honma"<info@debruijn2.pw>
Reply-To: "Honma"<sirnra.intl.fze@gmail.com>
Subject: Remittance Payment Report
Attachment: Remittance Payment Report.7z (contains "Remittance Payment Report.exe")

MassLogger SMTP exfil server:
mail.mytravelexplorer.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-04 06:37:23 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 113efbec74f139421ece0835c230ff8d37f91ff109bfee42b501d25c6b149597

(this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
