MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 631824cf82f2b6f1f30f00a82001b7afa1f5bb59e72d775d7796bc1fdfec0c44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 631824cf82f2b6f1f30f00a82001b7afa1f5bb59e72d775d7796bc1fdfec0c44
SHA3-384 hash: c0f8f39b48c0d654a6510e32468438bb48849a64efb9b2b5751453179f0828c6b8b1c6880aace95be434d9eb96aeb9bb
SHA1 hash: 65db6a337b165815fbb766d43c5273e7b1739a8a
MD5 hash: 294fd7271da9cd3ed11130a27994a3b1
humanhash: oregon-july-green-echo
File name:Processing Documents And Drawings_pdf.gz
Download: download sample
Signature MassLogger
Create hunting rule
File size:553'145 bytes
First seen:2020-11-19 06:52:22 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:y3BNBPRHN0cGDgjBD3k9yPL4cG14BlvnM35Dv:qBPRHNLl3kIoWTfI5j
TLSH A1C433A9DF70077A36FDCF6D8394152450FE466450E2DE5E92FBE33C2285CA018B876A
Reporter abuse_ch
Tags:gz HostGator MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: gateway22.websitewelcome.com
Sending IP: 192.185.47.206
From: abdulghani@am-memon.com.pk
Subject: AGRI AUTO STAMPING
Attachment: Processing Documents And Drawings_pdf.gz (contains "Rewgjqjhqwqn8.exe")

MassLogger SMTP exfil server:
bh-58.webhostbox.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/631824cf82f2b6f1f30f00a82001b7afa1f5bb59e72d775d7796bc1fdfec0c44/
Threat name:
ByteCode-MSIL.Trojan.Quasar
Create hunting rule
Status:
Malicious
First seen:
2020-11-19 06:53:05 UTC
AV detection:
11 of 29 (37.93%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mmmcjt4c6k3pd4ypacucaanxv6q7lo2z44wxoxlxs26b7x7mbrca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz 631824cf82f2b6f1f30f00a82001b7afa1f5bb59e72d775d7796bc1fdfec0c44

(this sample)

MassLogger

Executable exe 5057b3e15343b23d956143c48a195f14e8fb991f5eaaec694ea3edd04419455b

  
Dropping
MD5 fbb936cf3c39b7f0c77d72f56e844f6b
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5057b3e15343b23d956143c48a195f14e8fb991f5eaaec694ea3edd04419455b

Comments