MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22faed7f28888195a6155594919563e386802b0b917cda365cfc92777ee74190. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 22faed7f28888195a6155594919563e386802b0b917cda365cfc92777ee74190
SHA3-384 hash: 44ca797cf3051e0b72fa685324b3f9015e48bfc44ac99a3a30f69820a77d17bd8b1b0f9b132b9bf622298b3ef63022e8
SHA1 hash: 5e8272e9008e97358350a8ace89d5cc6f49d2e83
MD5 hash: da617371a9eda0170ec126218c4614cd
humanhash: zebra-winner-coffee-august
File name: invoice090900009.xz
Signature: MassLogger
File size: 839'038 bytes
First seen: 2020-06-29 12:32:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:Vfm9AzENnyaBKmS1ni1gmCIF3VP6116nd9:ImWyassHCIF3Pnf
TLSH: DC05334EDD87BA7DC50AA05BE6F04501BB01F8DEE6C3B1A2902931578E72ADF79483C5
Reporter: abuse_ch
Tags: geo MassLogger TUR xz


abuse_ch
Malspam distributing MassLogger:

HELO: serv.ipblasta.com
Sending IP: 5.39.217.214
From: admin2@yigmyanmar.com
Reply-To: saleslink@yandex.com
Subject: RE: INVOICES
Attachment: invoice090900009.xz (contains "invoice090900009.exe")

MassLogger SMTP exfil email server:
mail.ereglitso.org.tr:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-29 12:34:05 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 22faed7f28888195a6155594919563e386802b0b917cda365cfc92777ee74190 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
