MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6097f132b4a98062dbb7ea2302774344f1b004043e5771ffa64a34dffd4830de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6097f132b4a98062dbb7ea2302774344f1b004043e5771ffa64a34dffd4830de
SHA3-384 hash: 14e0c01dffff40b48463e6b17c5be4d61f4a6df89a3924b6dfe87b78fe21cc417621ea9f961a2a144710d87793493bb0
SHA1 hash: a147b0e4cdf5ada929e871b8848a4f31c3ebb88f
MD5 hash: 8a1e0fb720c78b0b65ce416e5ec6cf3e
humanhash: snake-sweet-oranges-helium
File name: DHL Shipping Documents.zip
Signature: MassLogger
File size: 1'640'499 bytes
First seen: 2020-06-16 12:59:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:xfIw8PJQgViQZe9I64Knozq8F1nYQ7PJBm:mVJQg8zIVKnqXnr9Bm
TLSH: 7F7533922CA67F3E396607C922CF29687FD8C8BA915C00558C9109CAF93D1D7FAF59C1
Reporter: @abuse_ch
Tags: DHL MassLogger zip


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: slot0.signform-pl.me
Sending IP: 45.95.169.216
From: DHL EXPRESS<szr.pavlinji@neobee.net>
Reply-To: <info@dormak.com.tr>
Subject: Re: RE: URGENT::::DHL tracking no 4680921932
Attachment: DHL Shipping Documents.zip (contains "DHL Shipping Documents.exe")

MassLogger SMTP exfil server:
mail.elkat.com.my:587
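As an added example, not part of the MalwareBazaar entry or of the reporter's tweet above: a Python triage script that reconstructs a message carrying the headers reported in the tweet and runs the checks a mail-gateway analyst would apply to it: the Reply-To domain (dormak.com.tr) diverging from the sender domain (neobee.net), a "DHL EXPRESS" display name on a non-DHL sender, and a zip attachment that contains a Windows executable. The message body, the recipient, the Received line, the brand-to-domain mapping and the zip content are constructed assumptions; the archive member is named as in the tweet but holds only an MZ-headed stub, not the real sample, so its SHA256 will not match the hash on this page and the known-bad check stays silent.

```python
import email
import email.utils
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Indicator taken from this MalwareBazaar entry.
KNOWN_BAD_SHA256 = {
    "6097f132b4a98062dbb7ea2302774344f1b004043e5771ffa64a34dffd4830de",
}
# Extensions Windows executes directly (constructed list, extend as needed).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".msi"}
# Assumption: brands to compare against the From display name, with the
# domains their legitimate mail comes from (illustrative, not authoritative).
BRAND_DOMAINS = {"dhl": ("dhl.com", "dhl.de")}


def build_sample_zip() -> bytes:
    """Constructed stand-in for 'DHL Shipping Documents.zip': the member name is
    the one reported in the tweet, the content is an MZ magic plus padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("DHL Shipping Documents.exe", b"MZ" + b"\x00" * 126)
    return buf.getvalue()


def build_sample_message() -> bytes:
    """Constructed message carrying the headers reported in the tweet."""
    msg = EmailMessage()
    msg["Received"] = ("from slot0.signform-pl.me ([45.95.169.216]) "
                       "by mx.example.invalid; Tue, 16 Jun 2020 12:59:54 +0000")
    msg["From"] = "DHL EXPRESS <szr.pavlinji@neobee.net>"
    msg["Reply-To"] = "<info@dormak.com.tr>"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Re: RE: URGENT::::DHL tracking no 4680921932"
    msg.set_content("Please see the attached shipping documents.")  # placeholder body
    msg.add_attachment(build_sample_zip(), maintype="application", subtype="zip",
                       filename="DHL Shipping Documents.zip")
    return msg.as_bytes()


def _domain(header_value: str) -> str:
    _, addr = email.utils.parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def triage(raw: bytes) -> dict:
    """Return findings for a raw RFC 5322 message: brand/sender mismatch,
    Reply-To divergence, known-bad attachment hash, executables inside zips."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    from_name, from_addr = email.utils.parseaddr(str(msg.get("From", "")))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = _domain(str(msg.get("Reply-To", "")))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    for brand, domains in BRAND_DOMAINS.items():
        claimed = brand in from_name.lower()
        legit = any(from_dom == d or from_dom.endswith("." + d) for d in domains)
        if claimed and not legit:
            findings.append(f"display name claims {brand.upper()} but sender domain is {from_dom}")

    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        entry = {"name": name, "sha256": digest, "members": []}
        if digest in KNOWN_BAD_SHA256:
            findings.append(f"attachment {name} matches known-bad SHA256 {digest}")
        if data.startswith(b"PK\x03\x04"):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    entry["members"].append(info.filename)
                    ext = "." + info.filename.rsplit(".", 1)[-1].lower() if "." in info.filename else ""
                    with zf.open(info) as member:
                        magic = member.read(2)
                    # Check the extension and the file header, so a renamed PE
                    # (a ".pdf" that starts with MZ) is still caught.
                    if ext in EXECUTABLE_EXTENSIONS or magic == b"MZ":
                        findings.append(f"archive {name} contains executable {info.filename}")
        attachments.append(entry)
    return {"findings": findings, "attachments": attachments}


if __name__ == "__main__":
    for line in triage(build_sample_message())["findings"]:
        print("ALERT:", line)
```

Run it as a script to see the three alerts for the constructed message; point triage() at a real .eml captured from the gateway to apply the same checks to live mail.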

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-16 13:01:08 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  MassLogger
    zip 6097f132b4a98062dbb7ea2302774344f1b004043e5771ffa64a34dffd4830de (this sample)
      Dropping: MassLogger

Delivery method: Distributed via e-mail attachment
