MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ed32bc11cb915c3ea73c503264139c08eeaa7478989732143fcc5769d244acd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ed32bc11cb915c3ea73c503264139c08eeaa7478989732143fcc5769d244acd
SHA3-384 hash: bc843466b45dd133f3ad61dd645e152b6bf18983749ac9371c9c068f0c449758c672782f4903fdab191e09a52e7505b2
SHA1 hash: 31dd8f579df672f6e0f089b1dab6c1a69b259bd4
MD5 hash: 7fbdd9c1d4537e5af86f24d013f93128
humanhash: berlin-september-summer-delta
File name:RFQ- 978002410.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'039'692 bytes
First seen:2021-02-24 15:02:33 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:SswwgpMjCCpayXDptstcs6rWRg4+h690NI0/NP2o7:JLTNauptstmWRR+8V0/Neo7
TLSH 88253375C7724A817077DA7684101CF3B24990232C7F3AFF9E1787961A69684E2F58E3
Reporter abuse_ch
Tags:MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: mail.good-hills.co.jp
Sending IP: 153.120.2.71
From: Ali Mohamed Al Suwaidi <ahmed.omara@emtdubai.ae>
Subject: ADNOC RFQ 978002410 | URGENT |SUPPLIES
Attachment: RFQ- 978002410.rar (contains "RFQ- 978002410.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5ed32bc11cb915c3ea73c503264139c08eeaa7478989732143fcc5769d244acd/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-24 14:09:04 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l3jsxqi4xek4h2ttyubsmqjzychovj2hrgexgikd7tcxnhjejlgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 5ed32bc11cb915c3ea73c503264139c08eeaa7478989732143fcc5769d244acd

(this sample)

MassLogger

Executable exe 7b76df7f72bbd45fc3716b6382b1c6de7421ac7bcfc213221c0b04675fd50e68

  
Dropping
MD5 dc3a6382ad54522bf1c4247d2b2e6843
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7b76df7f72bbd45fc3716b6382b1c6de7421ac7bcfc213221c0b04675fd50e68

Comments