MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 299fa63f1942cfff56f1b4957c8d6e2d959759d5aa4343671fcd78a6b3fe3143. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 2



SHA256 hash: 299fa63f1942cfff56f1b4957c8d6e2d959759d5aa4343671fcd78a6b3fe3143
SHA3-384 hash: dc5e920145d954fb4cf00ee93830657e0ad8d917c604d2d21f8728d0ec63c777539491af1be4cb17975692b5a019c3ca
SHA1 hash: b10e4631b6d678726152333005275da7b72ce5c8
MD5 hash: 7f50f02418c0464ffdd2a24fdd0ee12b
humanhash: fillet-don-fifteen-diet
File name: doc773948775757 000239488884.r15
Signature: MassLogger
File size: 648'793 bytes
First seen: 2020-10-12 14:54:32 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:+PGji34zd4RhzFMOmDBBXL80bTU9KZClex52UCzOSgRLICaJfzvmajf:+PGe3fTm1Bb80b4wwleH/rRECaJBjf
TLSH: 75D42319B876323AC4846864D36A4F37E83A94D7282E77C7D2169322302FD777971DE8
Reporter: abuse_ch
Tags: DHL MassLogger r15


abuse_ch
Malspam distributing MassLogger:

HELO: e347122.name-servers.gr
Sending IP: 195.201.120.33
From: DHL EXPRESS <ewout.blaauw@dhl.com>
Subject: DHL Failed Delivery Notification
Attachment: doc773948775757 000239488884.r15 (contains "doc773948775757 000239488884.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 299fa63f1942cfff56f1b4957c8d6e2d959759d5aa4343671fcd78a6b3fe3143

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
