MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 973546d376c0a2c2cf2955375745c66457a01ed42026ff155dbd789e5f4e9db0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 973546d376c0a2c2cf2955375745c66457a01ed42026ff155dbd789e5f4e9db0
SHA3-384 hash: 5cb5a196c1c4bac6135547f8381acf306676f032bf68329e62e34b4824ec87c253798bec836912d309dbfbf98ff66a91
SHA1 hash: 4684cbc7eae7f9623db2a26113920cb0e324bf81
MD5 hash: e544c8753d4cdebf0252c272f37e68d5
humanhash: triple-don-speaker-edward
File name:Purchase Order 24084.pdf.ace
Download: download sample
Signature MassLogger
Create hunting rule
File size:746'284 bytes
First seen:2020-10-28 09:05:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:mh6j08xYTugUNYEISMX6cSF4zm1xxuZZOdNTZwB2IKBF1rhj3Y1434W6PeVQFth:mQj0CYbQYEISM8eZOD9df7nT6Peath
TLSH 2BF4233C7549476CE63DC04E80C62FCE493F192FCA3A96324F716C7649BAB9A8354798
Reporter abuse_ch
Tags:ace MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: mannai.com.qa
Sending IP: 156.96.118.163
From: Mohammed Thurakkal Moosakutty <Mohammed.Moosakutty@mannai.com.qa>
Subject: RE: RE: RE: RE: RE: RE: Discounted offers - PR#2959 CAPEX: GLC/2020/1078 LPO 24084
Attachment: Purchase Order 24084.pdf.ace (contains "Purchase Order 24084.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/973546d376c0a2c2cf2955375745c66457a01ed42026ff155dbd789e5f4e9db0/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-28 08:00:46 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s42unu3wycrmftzjku3vorogmrl2ahwueatp6fk5xv4j4x2otwya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 973546d376c0a2c2cf2955375745c66457a01ed42026ff155dbd789e5f4e9db0

(this sample)

MassLogger

Executable exe 237543ba5636a40b54e32ba6c9a4c859139acadf9b5d94e2f15d99251e71a415

  
Dropping
MD5 9d3ff76271e6115a512ddc0f3abc978c
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 237543ba5636a40b54e32ba6c9a4c859139acadf9b5d94e2f15d99251e71a415

Comments