MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85216c53e9590919930a55a1040fd4a67f4ff5440f12022c736baab95284a3bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 85216c53e9590919930a55a1040fd4a67f4ff5440f12022c736baab95284a3bb
SHA3-384 hash: 03c25efe0a914ebd3b9ae75e73b83f19d080ba0a209e873eef98ddd54229b744b4cd3fa7c6bbc19cc7e8dfb287e9f7d2
SHA1 hash: c0132a25187dc00c5c5f89b6ef4135f1cd0a3501
MD5 hash: 079530e797c64050305227ec11d2058b
humanhash: eight-berlin-potato-sierra
File name: INVOICE09809000.rar
Signature: MassLogger
File size: 829'135 bytes
First seen: 2020-05-20 07:29:50 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:Q4Ncu7TNGf5VmslvDD3KVLutHIQstqhRvZVocDJ:QoNNkVZ9ULutHIQea3nDJ
TLSH: 8D0533F96554CC1F30C840EE4E56EA2143A6328D839BCB789974B2B8CD6378DDAE5D18
Reporter: abuse_ch
Tags: MassLogger, rar


abuse_ch
Malspam distributing MassLogger:

HELO: mail.huclangia.gq
Sending IP: 64.52.173.52
From: sales@mahaveergroup.net
Reply-To: saleslink@yandex.com
Subject: Invoice-Order#70900
Attachment: INVOICE09809000.rar (contains "INVOICE09809000.exe")

MassLogger SMTP exfil server:
mail.ereglitso.org.tr:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-20 07:36:41 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 85216c53e9590919930a55a1040fd4a67f4ff5440f12022c736baab95284a3bb (this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
