MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66132e07338e20eb2b50576ad91b8d22424a7f13bc5ec345ca961be12b78a582. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66132e07338e20eb2b50576ad91b8d22424a7f13bc5ec345ca961be12b78a582
SHA3-384 hash: 86460bfb86b039da29a2b2f1d9918d320c3c0a4fb82dea5e704c3ed488f004327a84c7ed8b5cc53c3fae4ed37d300790
SHA1 hash: 1f8db96f81dff37c4bffe4ee921f7dd6183b0526
MD5 hash: 028f506479ec9c6d6946f04e35c2bf34
humanhash: colorado-comet-ack-spring
File name:NEW PO N07652.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:995'746 bytes
First seen:2020-09-14 13:34:07 UTC
Last seen:2020-09-15 05:32:03 UTC
File type: zip
MIME type:application/zip
ssdeep 24576:ldk5kOYvld37gO1TipT7h7z8Kixu6Q/MpBXPWo5JBOfB4tN:45CLGdtPMpBfFBJ
TLSH F32533A54036ECCDA9B65CCC57D3681D0689472D802DEFA31A78FA20F3F5F662764893
Reporter cocaman
Tags:MassLogger zip


Avatar
cocaman
Malicious email
From: Colby<info@dongjin-ms.co.kr>
Received: from dongjin-ms.co.kr (unknown [212.83.46.148])
Date: 15 Sep 2020 06:30:17 +0200
Subject: NEW PO NO98762
Attachment: NEW PO N07652.zip

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/66132e07338e20eb2b50576ad91b8d22424a7f13bc5ec345ca961be12b78a582/
Threat name:
ByteCode-MSIL.Infostealer.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-09-14 13:09:50 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=myjs4bztryqowk2qk5vnsg4nejbeu7ytxrpmgroksyn6ck3yuwba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 66132e07338e20eb2b50576ad91b8d22424a7f13bc5ec345ca961be12b78a582

(this sample)

MassLogger

Executable exe 2dcd8c440ad89be13a989eaee911c9aa3e79d5a80c8aab4c7832a82c726bc465

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2dcd8c440ad89be13a989eaee911c9aa3e79d5a80c8aab4c7832a82c726bc465
  
Dropping
MassLogger

Comments