MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b20dd5b68b8766bed0a393621498e7cda44d44d58b5774042950a3376f094890. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 2 File information 4 Yara Comments

SHA256 hash: b20dd5b68b8766bed0a393621498e7cda44d44d58b5774042950a3376f094890
SHA3-384 hash: 99c48f0824ffa24ac495aefbb937d6437183d7fdf8ae83e8882319fccd3d6551c500d7c3d9154524c8d3b70971268c0c
SHA1 hash: 9f709bbee72c911547d1bdcc647b6489bd5d9eaa
MD5 hash: d1bca30fb33b46d996db37fb659d34a0
humanhash: arizona-ceiling-steak-georgia
File name:ORDER
Download: download sample
Signature MassLogger
File size:822'355 bytes
First seen:2020-06-30 13:05:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:b+27ggs/OYffzFelHBMtdoDzhagzy+CV2:b+2sNRqKdol2/2
TLSH 380533C4136F8FE3DD7239F28AE44D6339A0D7F8B46381908DA55756B6E09C288D6837
Reporter @abuse_ch
Tags:MassLogger zip

Malspam distributing MassLogger:

Sending IP:
From: Ms. Stella Ramson <>
Reply-To: Ms. Stella <>
Subject: From Ms. Stella, Kindly view the attachment, And i will like you to arrange the P.I for us to proceed with purchase.
Attachment: ORDER (contains "ROLLY 3Y23RY4R2.exe")

MassLogger SMTP exfil server:


Mail intelligence
Trap location Impact
Global Low
# of uploads 1
# of downloads 26
Origin country FR FR
CERT.PL MWDB Detection:n/a
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Kryptik
First seen:2020-06-30 13:07:05 UTC
AV detection:7 of 48 (14.58%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
VirusTotal:No data

File information

The table below shows additional information about this malware sample such as delivery method and external references.



zip b20dd5b68b8766bed0a393621498e7cda44d44d58b5774042950a3376f094890

(this sample)

Delivery method
Distributed via e-mail attachment