MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7399c8c9e87373ce7148c611298f89756d4a209fb77b7969854718d87e469bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a7399c8c9e87373ce7148c611298f89756d4a209fb77b7969854718d87e469bd
SHA3-384 hash: 72304bb70a8dc82257bf6deb51e892b673d8095907b9cd2420db491be9d49f2cd1a23002e85fbd11b7a4be8541904a68
SHA1 hash: dc4973587da1af27fe876fe2dfe33abbbcc22798
MD5 hash: 9d410a23d4d8e3494580f264287c2e38
humanhash: nineteen-xray-mars-may
File name:purchase order_pdf.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:773'609 bytes
First seen:2020-11-20 07:58:09 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:pDqAT97Gt7GyCS7ev0K4Di/H4Do53H7OqR4W4kDQjbS2RPTd+O16EmxbSq1H6T:pDnZyt7vCSKv0V2f4EX73R4W4kDMSscw
TLSH A6F433D7132C0F6D62F31923F65C63C2DAF897091EB765A42A39BC31F1A55A43E64C82
Reporter abuse_ch
Tags:zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: zoz0.209.xzov.ml
Sending IP: 68.183.145.95
From: Dmitry Novichenco <sales@imlamp.com>
Subject: Updated Quotation
Attachment: purchase order_pdf.zip (contains "purchase order_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a7399c8c9e87373ce7148c611298f89756d4a209fb77b7969854718d87e469bd/
Threat name:
ByteCode-MSIL.Trojan.Sudloader
Create hunting rule
Status:
Malicious
First seen:
2020-11-20 07:59:09 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=u44zzde6q43tzzyurrqrfghys5lnjiqj7n33pfuykryy3b7eng6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip a7399c8c9e87373ce7148c611298f89756d4a209fb77b7969854718d87e469bd

(this sample)

MassLogger

Executable exe 4bf8074df54f40439111a17b0f440b02949845eda10af9b6478b33819535f9c3

  
Dropping
MD5 e4057b2800c5d54fb0dc05dd87050657
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4bf8074df54f40439111a17b0f440b02949845eda10af9b6478b33819535f9c3

Comments