MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 312f271f6cad055de6295cb26b51788ec257935757786dacf177dcb8fdd716af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 312f271f6cad055de6295cb26b51788ec257935757786dacf177dcb8fdd716af
SHA3-384 hash: db7f679732bc860c4e27fe67f7c09c8f287010c16755c3e2f97369d01f7da1a2b843589b8c09a9cf41ec29369bf829da
SHA1 hash: f42045d7f2caaff4519034eb13c160fa14731e50
MD5 hash: d0d3f4db342264a38887fa5ce58813b5
humanhash: salami-victor-salami-kilo
File name:Order2020-4552_pdf.gz
Download: download sample
Signature MassLogger
Create hunting rule
File size:642'274 bytes
First seen:2020-10-14 16:22:45 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:A8bBBOqEhLO7BFvgOnVK6MGB2Tw1c6PWJJFJLSUUXBAEIwxpY8ad:A8bBUlqB5gOnVK6MZthJjTExxpY8M
TLSH 8AD423AFBF818E5C0E6233BA57122FE59F6CC9004FC5495A863218742DF564F1326ECA
Reporter abuse_ch
Tags:gz MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: vps.aw-himpelar.com
Sending IP: 193.239.147.162
From: Global Trade Source <dp_purch@dipic.com.ph>
Subject: Global Trade Source Inquiry
Attachment: Order2020-4552_pdf.gz (contains "Order#2020-4552_pdf.exe")

MassLogger SMTP exfil server:
bh-58.webhostbox.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/312f271f6cad055de6295cb26b51788ec257935757786dacf177dcb8fdd716af/
Threat name:
Win32.Trojan.LokibotCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-10-14 13:29:15 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gexsoh3mvucv3zrjlszgwulyr3bfpe2xk54g3lhro7olr7oxc2xq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/312f271f6cad055de6295cb26b51788ec257935757786dacf177dcb8fdd716af

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz 312f271f6cad055de6295cb26b51788ec257935757786dacf177dcb8fdd716af

(this sample)

MassLogger

Executable exe 8b57afe96667b88596d51dabfee3359371f517cf97a758473eae0f9d2aa97db9

  
Dropping
MD5 e1aa210e84ad8dd527a9aea0702d56ca
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8b57afe96667b88596d51dabfee3359371f517cf97a758473eae0f9d2aa97db9

Comments