MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c9448879ae16e5069c06cbd9555f3df748996c2ae6901a427f156d21bfe854a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c9448879ae16e5069c06cbd9555f3df748996c2ae6901a427f156d21bfe854a
SHA3-384 hash: a43e4bb46aed46214a832f3f7c72182605dcb4f540a4d1344dd2c17a1d18a2e9b2c17e98926f6650bdb34fbecda9ce5e
SHA1 hash: 93f63e17179a87572ccd422aba2c9c46d9ee0cd6
MD5 hash: f56905035fd9b140c07cd997cb489ee8
humanhash: alanine-mountain-snake-leopard
File name:QUOTATION 0123.z
Download: download sample
Signature MassLogger
Create hunting rule
File size:854'351 bytes
First seen:2020-06-08 05:14:59 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:A2csTLgVP/lcA5P7VaTynOSalGddT+9vSfom5q2ll+/IXLNTWhsSDLZXGbpz+H:A2cK2FtwTy/ddK9S9ll+AJPSnlGC
TLSH D80533AA40C8FB6366658861DFB2165DC777E72CB10C83D7238CE7732BACD8517218A1
Reporter abuse_ch
Tags:MassLogger z


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: serve0.manteuffel.pw
Sending IP: 173.82.95.199
From: Einkauf/Purchasing Department<hr@manteuffel.pw>
Reply-To: Einkauf/Purchasing Department<electrogaz47i@gmail.com>
Subject: INQUIRY
Attachment: QUOTATION 0123.z (contains "QUOTATION 0123.exe")

MassLogger SMTP exfil server:
mail.mytravelexplorer.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 05:16:08 UTC
AV detection:
14 of 26 (53.85%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dskerb424fxfa2oans6zkvpt352itfwcvzuqdjbh6flneg76qvfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

z 1c9448879ae16e5069c06cbd9555f3df748996c2ae6901a427f156d21bfe854a

(this sample)

MassLogger

Executable exe fa5b514cc6250b204d8c46ee8212b6db4e1c273904b9df51993b5dba4b07d865

  
Dropping
MD5 39483695a751f29df877db2fca8c69d3
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fa5b514cc6250b204d8c46ee8212b6db4e1c273904b9df51993b5dba4b07d865

Comments