MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e9e3820339794ba98309ccfddbd4f251cc935445d6640b5c9b13a0b12129213. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6e9e3820339794ba98309ccfddbd4f251cc935445d6640b5c9b13a0b12129213
SHA1 hash: 1503482ebbbe63005feb5becfabca75fa741f3bf
MD5 hash: 3f955aafb6ff200f76882102f16c59c8
File name: Payment Copy.zip
Signature: MassLogger
File size: 714'725 bytes
First seen: 2020-05-22 15:01:55 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:iO3RRcsRXGlsY5spuCdFQQKCqt+0w3BmBUG7zmrRbhDv:iERRLc54uCDhTqNwMut91v
TLSH: 71E423969D34EEA94400FCF06A010526519DFEE09EF1CAEB17483F6B8D17848DDAFD62
Reporter: @abuse_ch
Tags: MassLogger, zip


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: 77-72-3-56.hosted-at.kloud.co.uk
Sending IP: 77.72.3.56
From: Rabih <rabih@emirates.net.ae>
Reply-To: Rabih <rabih@emirates.net.ae>
Subject: Payment Copy.
Attachment: Payment Copy.zip (contains "Payment Copy.exe")

MassLogger SMTP exfil server:
mail.chemshire.org:587

Intelligence


Mail intelligence:
  Trap location: Global
  Impact: High
# of uploads: 1
# of downloads: 23
Origin country: US
ClamAV: Sanesecurity.Malware.21237.ZipHeur.UNOFFICIAL
VirusTotal results: 17.19%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 6e9e3820339794ba98309ccfddbd4f251cc935445d6640b5c9b13a0b12129213 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
