MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dc1e41d91e98694e2dcd24d1cfc9eae355bb84493510e81e05f445a071c7ea5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	3dc1e41d91e98694e2dcd24d1cfc9eae355bb84493510e81e05f445a071c7ea5
SHA3-384 hash:	0b141e1eb182500a5d0ce84901d8d80eabbb2c2f24eb8bd9af41d8c21b5e08e56acf4ed6e18e61a3dabadc92ea7420d5
SHA1 hash:	63e88cb79f51e39bb2993e6557b25639f2de9749
MD5 hash:	519115a83f5083c4706f1f5918df29b6
humanhash:	kansas-kilo-three-idaho
File name:	Alhammra RFQ 004-001102.PDF.r00
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	1'090'871 bytes
First seen:	2020-11-05 15:41:20 UTC
Last seen:	Never
File type:	r00
MIME type:	application/gzip
ssdeep	24576:0398/E2Vs4WBQZZVece7t/M624PT1l9/FXzutVaV:0t8/E2q48QZZECn6lBFDutYV
TLSH	AD3533031F9A1E318C2943396F939AEF7A55AB64855C7B8E4793376F6003F42A04BED4
Reporter	abuse_ch
Tags:	MassLogger r00

abuse_ch

Malspam distributing MassLogger:

HELO: whmsrv01.virtualariki.com.br
Sending IP: 177.11.209.2
From: Miguel Alonso <malonso@alhammra.com>
Subject: Alhammra Request for Quotation
Attachment: Alhammra RFQ 004-001102.PDF.r00 (contains "Alhammra RFQ 004-001102.PDF.exe")