MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c6bcd85ef99fb48c482173081c331c24c791f3963ea3ac5b6364ba62b42ddee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 4c6bcd85ef99fb48c482173081c331c24c791f3963ea3ac5b6364ba62b42ddee
SHA3-384 hash: aec3e230a20626bc324ae4b4fc2f0a51ffb758b92edb8afd69bd29f483651cd04621f44423853dc11a56d9cf96dbafb6
SHA1 hash: 020d392610164aab21dd2cac24ab23fc04bf67d3
MD5 hash: 087bd412d8228cc1d582ae8e8b728602
humanhash: oxygen-spaghetti-ink-earth
File name: HDFCR52020061784196958 PDF.zip
Signature: MassLogger
File size: 824'183 bytes
First seen: 2020-06-18 06:16:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 12288:sboolHiJPRJQFK6dFPkmGukBSWaxDpor6mve6jncxuPoAlnr2bvraRCgucMAJl:m6r6dFXIBSWaxFo+geIcylnrsj4uMn
TLSH 8605237D89DE9D2C4A919402C8B8A7737802B25DB0B15C1AF7781AFDA787E037F64126
Reporter: abuse_ch
Tags: MassLogger zip


abuse_ch
Malspam distributing MassLogger:

HELO: shubhamindia.com
Sending IP: 45.137.22.118
From: HDFC Bank InstaAlerts<accounts@shubhamindia.com>
Subject: View: Account update for your HDFC Bank A/c
Attachment: HDFCR52020061784196958 PDF.zip (contains "HDFCR52020061784196958 PDF.exe")

MassLogger SMTP exfil server:
mail.drngetu.co.za:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.BitStealer
Status: Malicious
First seen: 2020-06-18 06:18:05 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 4c6bcd85ef99fb48c482173081c331c24c791f3963ea3ac5b6364ba62b42ddee

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
