MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30790fef99d6268954e9ed162242fd1b83e4d194a6a2c52bc4d1f7d4e8cc32eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 30790fef99d6268954e9ed162242fd1b83e4d194a6a2c52bc4d1f7d4e8cc32eb
SHA3-384 hash: 5784ec877288f704fc30ca84290570fe3c6e38e0989ff1709e74f6dc7af2eb36d8e85a9aa32ceefc3955052a6dfa2f2a
SHA1 hash: 0929e203ca4956fe7201b5ffa10757503a75199b
MD5 hash: 995cfb96e7f2abd65b035ad1a616132a
humanhash: floor-saturn-six-snake
File name: Attached is the new Order.zip
Signature: MassLogger
File size: 857'695 bytes
First seen: 2020-06-08 07:12:52 UTC
Last seen: 2020-06-08 08:54:09 UTC
File type: zip
MIME type: application/zip
ssdeep: 24576:cQrjYOK8gvFOKpz79fSq3LAi8m7r/tZO1Qg1R78d12:cQ3K8G5zRSrrCDLOeg1RAd12
TLSH: 70053369362A84EC1222BD5F38451FC735449FC68C18AB0F96A07F0DB694CB26F51EA7
Reporter: abuse_ch
Tags: MassLogger, zip


abuse_ch
Malspam distributing MassLogger:

HELO: server.linux80.papaki.gr
Sending IP: 138.201.37.101
From: Souren <ftc@flouty.com>
Subject: RE: Urgent Request
Attachment: Attached is the new Order.zip (contains "Attached is the new Order.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Agensla
Status: Malicious
First seen: 2020-06-08 07:14:06 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 30790fef99d6268954e9ed162242fd1b83e4d194a6a2c52bc4d1f7d4e8cc32eb (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment

Comments