MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77105623676f77a5ecc6c88d65d0c23793969b03b45d4d24dc11ac706552e504. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 77105623676f77a5ecc6c88d65d0c23793969b03b45d4d24dc11ac706552e504
SHA1 hash: e0f42094eaabffd36242cc74bf6da042d7d89dc8
MD5 hash: c42d141d2a0104b7b725a26fa811da2f
File name: Payment Copy.exe
Signature: MassLogger
File size: 782'336 bytes
First seen: 2020-05-22 15:01:58 UTC
Last seen: 2020-05-22 15:48:40 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:BfcsBfGR+KjIpuC7vQOKCKtawGBpmNUgxdmZnvdxjV:BfnsjcuCbBTKbGSyn9vLR
TLSH: 48F41246AE354771CC3487F215B1092067B68BD9158FC35D1E8029FA1C67F1A2AA2BBF
Reporter: @abuse_ch
Tags: exe MassLogger


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: 77-72-3-56.hosted-at.kloud.co.uk
Sending IP: 77.72.3.56
From: Rabih <rabih@emirates.net.ae>
Reply-To: Rabih <rabih@emirates.net.ae>
Subject: Payment Copy.
Attachment: Payment Copy.zip (contains "Payment Copy.exe")

MassLogger SMTP exfil server:
mail.chemshire.org:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 30
Origin country: US
ClamAV: SecuriteInfo.com.Trojan.PackedNET.300.18162.30164.UNOFFICIAL
VirusTotal: Virustotal results 30.00%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
MassLogger
Executable exe 77105623676f77a5ecc6c88d65d0c23793969b03b45d4d24dc11ac706552e504 (this sample)

Delivery method: Distributed via e-mail attachment
