MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ada5c3ff972fc1344418d6b6eaf304bbbc08fcf45c02cccbf6051126bed7cdc2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ada5c3ff972fc1344418d6b6eaf304bbbc08fcf45c02cccbf6051126bed7cdc2
SHA3-384 hash: 1c7f96173820e7ed6f9656898c5d192d5e7b11c6d5ed18b83d750b8393a5a77e0bc9ebc4398fb7023961e0fc0ec19e10
SHA1 hash: af3f3dde69d3858f193168a6b7251953d8764033
MD5 hash: e0996ba12618b89cec124d7b4e972b06
humanhash: lima-nevada-uncle-ohio
File name:PO_57859029 Keller RF0986.7z
Download: download sample
Signature MassLogger
Create hunting rule
File size:762'231 bytes
First seen:2020-10-15 11:22:38 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:DOKSD6xe61YLeFFF9W7TR94bSSoJZeOIi6QVLSdB+uQWvxttQ10WYzABpNdXkQ83:qKSD651yeFFqUbYJIVdkQS0WYzABpNdK
TLSH 07F4239B3B2766E9F2E63D40D04D42835AEBDE10D7DC79DC6386AE90B5150008FAF86D
Reporter abuse_ch
Tags:7z MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: server.devbox12.com
Sending IP: 162.249.2.44
From: Nick.Hasell@keller.com
Reply-To: cinder0913@gmail.com
Subject: PURCHASE ORDER for KELLER GROUP - Rp07292 // Urgent PO 57859029
Attachment: PO_57859029 Keller RF0986.7z (contains "ljy6IHILgEpQLaz.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ada5c3ff972fc1344418d6b6eaf304bbbc08fcf45c02cccbf6051126bed7cdc2/
Threat name:
ByteCode-MSIL.Trojan.Burkina
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 11:24:06 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vws4h74xf7atiray223ov4yexo6ar7hulqbmzs7wauisnpwxzxba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ada5c3ff972fc1344418d6b6eaf304bbbc08fcf45c02cccbf6051126bed7cdc2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

7z ada5c3ff972fc1344418d6b6eaf304bbbc08fcf45c02cccbf6051126bed7cdc2

(this sample)

MassLogger

Executable exe 11f3b25ae9fd0ba16395cb35d4d528f5180ecb436d0e095f9f4f0ff1e468e8eb

  
Dropping
MD5 2ac52a069dd3faf81faa8f77368b308c
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 11f3b25ae9fd0ba16395cb35d4d528f5180ecb436d0e095f9f4f0ff1e468e8eb

Comments