MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5a7ba91a61c390523fe58672b672a3b4d3c18237ebb640c92a58afc748773cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b5a7ba91a61c390523fe58672b672a3b4d3c18237ebb640c92a58afc748773cc
SHA3-384 hash: e4f45b978409ec41b93102b75cda0b1e6c17ccc6fb73b55c8427539c1459daaec22030c2b5f511345d32ac7ce6f63812
SHA1 hash: f4b861c230f77c08d798743b0ad3973f4038367e
MD5 hash: 930b08de967affd1e06ce6ca802d0de5
humanhash: salami-salami-uniform-august
File name:REQUEST FOR QUOTATION.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:712'488 bytes
First seen:2020-07-13 11:57:12 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:Lan2FsPoAoNXAm6pOFsDx6gHNsLD0NBlaOjDYLd+kFDfwX1nF+qvx:k2FS8XAm2O699aWBlaOHYLd+1lF+qvx
TLSH CAE433A74D12DDE5B30999F2768237AFC3C8E819227EB4727E51EC94BD94C8483C56C2
Reporter abuse_ch
Tags:MassLogger zip


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: server.asaloto.com.tr
Sending IP: 178.211.50.155
From: info@intermerkur.rs
Subject: Re: Acil sipariş talep edildi
Attachment: REQUEST FOR QUOTATION.zip (contains "file.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.22523.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b5a7ba91a61c390523fe58672b672a3b4d3c18237ebb640c92a58afc748773cc/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 11:59:05 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wwt3vengdq4qki76lbtswzzkhngtygbdp25widesuwfpy5ehopga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip b5a7ba91a61c390523fe58672b672a3b4d3c18237ebb640c92a58afc748773cc

(this sample)

MassLogger

Executable exe de083ffcc44c047fbf9a4938aca158f47045b9ee3ce98ce7b24202422fca3396

  
Dropping
MD5 2254eea10e2cb5e29c09bf28170c2e69
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 de083ffcc44c047fbf9a4938aca158f47045b9ee3ce98ce7b24202422fca3396

Comments