MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 676b983f12a7527d78f28e6ca479522be55bc444e48b8cb32e864cc7b1c0f8af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 676b983f12a7527d78f28e6ca479522be55bc444e48b8cb32e864cc7b1c0f8af
SHA3-384 hash: 19550d03a68be099d6a328c634dc5747f6d71a992def86d2fb9387c97a1df2970d05c143727ced756b96a34f7ad19eed
SHA1 hash: 5d383f4a38b90ad2a598bb72e922812de3dda2fe
MD5 hash: 641e89cdd1a48c7e6ce70b8d8b88a1ed
humanhash: delaware-social-jupiter-angel
File name: vessel document.img
Signature: MassLogger
File size: 1'638'400 bytes
First seen: 2020-11-18 06:42:58 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:qLxO5mmxXw9NK3s2xHFhREe/P4kuVJDL58yKAqESEcSAmqVmqrEEa7wTx452VmVX:nA23suHbye/veIyKAq8trqPa72452b
TLSH: A375F1396779AB26E0BC8B7788505810D3FAEC11D663C51BBCF8F48966E4FE8053164B
Reporter: cocaman
Tags: img, MassLogger


cocaman
Malicious email (T1566.001)
From: "Cetragpool SAS <info@containerships.de>" (likely spoofed)
Received: "from containerships.de (unknown [103.133.109.32]) "
Date: "17 Nov 2020 19:42:17 -0800"
Subject: "Ref: M/V La Guimorais - Discharging Kakinada - Agency Appointment"
Attachment: "vessel document.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 108
Origin country: n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-11-18 01:00:34 UTC
File Type: Binary (Archive)
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img 676b983f12a7527d78f28e6ca479522be55bc444e48b8cb32e864cc7b1c0f8af (this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: MassLogger
