MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50917f02e651e561e9bf8bdcbfd3d7603fe9c6ea08a08d9953967500fcf864c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50917f02e651e561e9bf8bdcbfd3d7603fe9c6ea08a08d9953967500fcf864c2
SHA3-384 hash: cb80fff20e69ecc6ffa7fec4ca1ca9bf8538779126c6adc091229896b182aeb9845d33f57f20fbe73d11ba79d5ff4ffc
SHA1 hash: a09cda0a34ccdcaec6d1be2b0ec5c174391aff74
MD5 hash: 0868eed0dbd6a06a76bbcd047e6d2760
humanhash: mobile-ten-fish-batman
File name:952110_2020713.r00
Download: download sample
Signature MassLogger
Create hunting rule
File size:487'441 bytes
First seen:2020-07-13 06:59:38 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:r/Rs0ravx9+6XPGqEyDrBEl3/HfKbIYAhQPTJUq7b:7m0C9+mGorB4/H+IYLR7b
TLSH DFA423A2B89FB4CA9B16D7C8C67FEB084DD6CFB027D174D2D029290774507F954A2B28
Reporter abuse_ch
Tags:MassLogger r00


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: naver.com
Sending IP: 45.138.172.58
From: Hei Ryung <sales_ljimports@naver.com>
Reply-To: Hei Ryung <sales_ljimports@naver.com>
Subject: LJ Order
Attachment: 952110_2020713.r00 (contains "952110_2020713.exe")

MassLogger SMTP exfil server:
mail.kaanmakina.com.tr:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/50917f02e651e561e9bf8bdcbfd3d7603fe9c6ea08a08d9953967500fcf864c2/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 07:01:11 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kcix6axgkhswd2n7rpol7u6xma76trxkbcqi3gktsz2qb7hymtba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r00 50917f02e651e561e9bf8bdcbfd3d7603fe9c6ea08a08d9953967500fcf864c2

(this sample)

MassLogger

Executable exe f486c5d5fe3c9341cd331a8e6a68102a9bd7a9e7864c5179948c585806828006

  
Dropping
MD5 52e2dd01e70bce5aac4f44e19c2876e1
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f486c5d5fe3c9341cd331a8e6a68102a9bd7a9e7864c5179948c585806828006

Comments