MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d501548a8060835c3a3d65281d905a189d6ebb7f2c79e0ae76d59872c1cc0b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6d501548a8060835c3a3d65281d905a189d6ebb7f2c79e0ae76d59872c1cc0b3
SHA1 hash: 8bbefc64626568c0a73b095d874f1b00633f7eb1
MD5 hash: c5eda9db6db46c98570bc8bcaed6f3a6
File name: New Offer.exe
Signature: MassLogger
File size: 846'848 bytes
First seen: 2020-05-22 10:05:20 UTC
Last seen: 2020-05-22 10:51:59 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:B0FIZlN8LyJB8fg0oiXdq609ZS9cTYIDqkLs8xTGhdrJC3hUTtZU31UNqw06R6pW:j6TZXd629IYZkLVdGHFcahZUS1Eg
TLSH: E705131417E4073FE63D97F9A0E020111BFD66252943FB990ED2A5DA2BB33604BB29D7
Reporter: @abuse_ch
Tags: exe MassLogger


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: fre.freespirittours.ge
Sending IP: 192.254.140.61
From: executive@freespirittours.net
Subject: RE: PROFORMA FATURA
Attachment: New Offer.zip (contains "New Offer.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 23
Origin country: FR
ClamAV: SecuriteInfo.com.Trojan.Inject3.40368.24052.32473.UNOFFICIAL
VirusTotal: Virustotal results 26.76%
ReversingLabs: No data

Yara Signatures


Rule name: masslogger_gcch
Author: govcert_ch

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe 6d501548a8060835c3a3d65281d905a189d6ebb7f2c79e0ae76d59872c1cc0b3 (this sample)

Delivery method: Distributed via e-mail attachment

Comments