MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 495edcd386c238721b9aa2f64efda0ad834d2c5446df8ba920b6aaa52241217f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 495edcd386c238721b9aa2f64efda0ad834d2c5446df8ba920b6aaa52241217f
SHA3-384 hash: b8ff26f134a15c6f9da9c30ebfecd858948bbd08ff20559c8ae293276b9ce05ec7e4d4cf85bdb2452e93c3153c9e1043
SHA1 hash: 1c3e779a0ca17853437cb3e7084f125d90162e9b
MD5 hash: 1bd51092d2831181c8ab9f879f0284ef
humanhash: black-johnny-august-one
File name:Samples.Scan..rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:926'853 bytes
First seen:2020-06-05 06:02:26 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:vyQ/g22QPN6hGvZrQgrfTgVV5vDyZOI4nurml84CSV:vN/g8PN6EBUg4T5uZKntG2
TLSH 8E153362C3EE588F3515CE5CCD618B3B2FFB2F09B61A190D49211FA7386631E944AD98
Reporter abuse_ch
Tags:Maersk MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: tonyhai.org
Sending IP: 83.166.240.84
From: maerskratesheet <hartmann@briannterry.cf>
Subject: RE:MAERSK RATE SHEET_Asia to West Coast South America, Central America and the Caribbean_FAK_01 JUN-07 JUN_11319284
Attachment: Samples.Scan..rar (contains "Samples.Scan...exe")

MassLogger SMTP exfil server:
mail.ejabgroup.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27121.RarHeur.NoDP.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 06:36:32 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jfpnzu4gyi4heg42ul3e57navwbu2lcui3pyxkjaw2vkkisbef7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 495edcd386c238721b9aa2f64efda0ad834d2c5446df8ba920b6aaa52241217f

(this sample)

MassLogger

Executable exe 61f71454eee2bb4a8de161e795ff31da2cec631df0582a30fd7cceb54ae02892

  
Dropping
MD5 3a474e65770ed7bc707dba9f678f62a8
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 61f71454eee2bb4a8de161e795ff31da2cec631df0582a30fd7cceb54ae02892

Comments