MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a798c34d4e626423e9cedf58ba8f612a9d8f1ecfa194ca58717be59f09b19c1c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: a798c34d4e626423e9cedf58ba8f612a9d8f1ecfa194ca58717be59f09b19c1c
SHA3-384 hash: 0192ec4bdec9fce3260caf9fc7f2100ed7bb6e96742549e5c243c760227346bbfc8d6b53bf0d8629498b1d2502b738b3
SHA1 hash: ce35f8e7ee57764839730effc203646268e005d8
MD5 hash: 10d718128efbf092704ab97cff902666
humanhash: ten-thirteen-indigo-fix
File name: RFQ for supply of piping fittings oil and marine equipments.rar
Signature: MassLogger
File size: 1'027'630 bytes
First seen: 2020-08-18 12:47:26 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:u5lxxPP7HmkeqjQD9wmoL1Be42LOtl4kRI5g6g3hyC1h:uXXqk4Cze42ytnOO3R1h
TLSH: AB25334D23C1477C23EDA5CAAAF003E8A619F663C305EF40A6FAD29151DD85AC6F230C
Reporter: abuse_ch
Tags: MassLogger, rar


abuse_ch
Malspam distributing MassLogger:

HELO: mail.emo.org.tr
Sending IP: 85.111.17.53
From: Robin Kedir <Robin-Kedir@essar.com>
Reply-To: procurement sec <Robin-Kedir@essar.com>, procurement sec <Robin-Kedir@essar.com>, procurement sec <Robin-Kedir@essar.com>
Subject: Urgent RFQ for supply of Piping&Fittings/Materials & Equipments for Khazzan BP Phase II Well site facilities project.3
Attachment: RFQ for supply of piping fittings oil and marine equipments.rar (contains "supply of piping fittings oil and marine equipments.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.FormBook
Status: Malicious
First seen: 2020-08-18 12:49:08 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar a798c34d4e626423e9cedf58ba8f612a9d8f1ecfa194ca58717be59f09b19c1c (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
