MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42c96a699a36919cac3b65e9087037a346748e8ccaa3d69ea2b6e432fb829e31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 42c96a699a36919cac3b65e9087037a346748e8ccaa3d69ea2b6e432fb829e31
SHA3-384 hash: 4f7725e1c4ccf0f272f5f804fd6d9fd7dcce3cbb4899a9eb9db5a111831ebb68d01063090e05c49b9e6348536a6ddcb4
SHA1 hash: ef93c623cd73a352d5842b37a0fc5ab82a63c169
MD5 hash: cd954261103db19a3c78aae0cde23c32
humanhash: cold-winter-bakerloo-berlin
File name:TNT SHIPMENT INFORMATION.IMG
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'507'328 bytes
First seen:2020-10-12 06:09:48 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:uuvqJzvfhmFRKeHwPIaE/5wbt+lURKTDL:bvovZmajw+0f
TLSH 99651276B3C64E47C7BD08FE8002215613F5EA1A6283FACA3F9D11980BD578596273B7
Reporter abuse_ch
Tags:Endurance img MassLogger TNT


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: 162-241-204-248.unifiedlayer.com
Sending IP: 162.241.204.248
From: Gulsen Altinsoy < gulsen.altinsoy@tnt.com >
Subject: TNT SHIPMENT INFORMATION
Attachment: TNT SHIPMENT INFORMATION.IMG (contains "TNT SHIPMENT INFORMATION.exe")

MassLogger SMTP exfil server:
mail.asiaprefabrik.com.tr:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/42c96a699a36919cac3b65e9087037a346748e8ccaa3d69ea2b6e432fb829e31/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2020-10-12 02:46:47 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ilewu2m2g2izzlb3mxuqq4bxundhjdumzkr5nhvcw3sdf64ctyyq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.76
Link:
https://yomi.yoroi.company/submissions/42c96a699a36919cac3b65e9087037a346748e8ccaa3d69ea2b6e432fb829e31

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img 42c96a699a36919cac3b65e9087037a346748e8ccaa3d69ea2b6e432fb829e31

(this sample)

MassLogger

Executable exe ba4e39e16f3599f9bfe3b5dd1664e0d071d2dfeb308e9380778c8360495f61d5

  
Dropping
MD5 dd042bca5232d541b3096fa31aea7d4a
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ba4e39e16f3599f9bfe3b5dd1664e0d071d2dfeb308e9380778c8360495f61d5

Comments