MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91ab9b169f8b0c05ab795c52b0e41f34374bb828c16176eda1f121c1dbc12731. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 91ab9b169f8b0c05ab795c52b0e41f34374bb828c16176eda1f121c1dbc12731
SHA1 hash: 030098b28e2099a2fc12f5dbe8b4ad4af92295a5
MD5 hash: 033f93ab38b8abcd2c5125ff04172e9c
File name: NB_Inquiry.exe
Signature: MassLogger
File size: 2'831'872 bytes
First seen: 2020-05-23 11:17:16 UTC
Last seen: 2020-05-23 11:46:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 49152:4G2eK6VCgOoR6vgYNjqPcpZF5ujFUhHb1JVe:4G2j6qg6vgYJ+sojFUh71JV
TLSH: AFD57C3671829058C1785172002ADED4A6F66B423A938B2EF69F634F5F1272F37715CE
Reporter: @abuse_ch
Tags: exe MassLogger


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: cloudhost-144190.uk-south-2.nxcli.net
Sending IP: 165.84.219.64
From: NB_Coatings <info@nbcoatings.com>
Reply-To: jonah@briistol.com
Subject: NBCOATING (lnquiry for Products) 05/23
Attachment: NB_Inquiry.CAB (contains "NB_Inquiry.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 21
Origin country: FR
ClamAV: SecuriteInfo.com.MSIL.Kryptik.WAJ.6124.UNOFFICIAL
VirusTotal: Virustotal results 23.61%
ReversingLabs: No data

Yara Signatures


Rule name: masslogger_gcch
Author: govcert_ch

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe 91ab9b169f8b0c05ab795c52b0e41f34374bb828c16176eda1f121c1dbc12731 (this sample)

Delivery method: Distributed via e-mail attachment
