MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1342cdcc9231fdd7637c5a78b07485e5f2fb706479e0441f0b53bd1bd8228697. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 1342cdcc9231fdd7637c5a78b07485e5f2fb706479e0441f0b53bd1bd8228697
SHA3-384 hash: b62e8cd2f5d2c0b30d224d74326148ec44ad6581d6eb6e919f9ad9d27ad65eee58bf329e5c46a581d29c454abe7de1f9
SHA1 hash: 9c345ae6ed109d9da39f7f93f7bb81174e6f9fd2
MD5 hash: 97615be6918cdb51eee1e7f1b14bbb36
humanhash: tango-network-three-beryllium
File name: PZS-172.exe
Signature: MassLogger
File size: 731'648 bytes
First seen: 2020-06-30 09:05:59 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:W8ISd50BJnq7rQAGIZn5lcF1gazEoX92WXK0lsnmZxLpekSW3R7tXjDS+udh:WUdWBxqAtKn5qzhMW60lemZdpekSmbTo
TLSH: AAF4122875AE293BCABC05F94893550207B4E4977C03FBD68DE9B1DD02CAF991252E73
Reporter: @abuse_ch
Tags: exe HostGator MassLogger


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: gateway20.websitewelcome.com
Sending IP: 192.185.58.11
From: Masoumeh <m.aligol@climaxoilfield.ae>
Subject: RFQ-PZS-172
Attachment: PZS-172.rar (contains "PZS-172.exe")

MassLogger SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 28
Origin country: US
CAPE Sandbox Detection: n/a
Link: https://www.capesandbox.com/analysis/17072/
ClamAV: SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/1342cdcc9231fdd7637c5a78b07485e5f2fb706479e0441f0b53bd1bd8228697/
ReversingLabs: Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-06-30 04:40:20 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 5/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage Score: 10/10
Malware Family: masslogger
Link: https://tria.ge/reports/200630-9xt37nyqej/
Tags: ransomware spyware stealer family:masslogger
VirusTotal: Virustotal results 31.51%

Yara Signatures


Rule name: masslogger_gcch
Author: govcert_ch

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Malware family: MassLogger
Sample: Executable exe 1342cdcc9231fdd7637c5a78b07485e5f2fb706479e0441f0b53bd1bd8228697 (this sample)
