MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbb3ff0f38c45e00b380e5fc4d23cde33b320c2d344d432961e6c347be7d2ab6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bbb3ff0f38c45e00b380e5fc4d23cde33b320c2d344d432961e6c347be7d2ab6
SHA3-384 hash: 253516d6383208e7de0bfa49df6f488234f60aa8ebfea94d225f1fc898a0ec2e01476d1a34ae679de733f97cd40af582
SHA1 hash: bd02dc5475da4a91a71e5dc664c337402660e430
MD5 hash: 44fb3b549fe297ba57224fd1794e2bac
humanhash: harry-jig-eight-helium
File name:REQUEST_FOR_QUOTATION_1307-RFQ.IMG
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'769'472 bytes
First seen:2020-07-30 07:15:09 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:oEdiY5hZaXWQPasGWQUrNSuitlzMZYTK18RyMgxBd3B6Rn:oZXWQPasH3N6l4WT4Tf3B
TLSH 4F85F1447B40E60EC2AF8F7ACAD45810DDB8F99A4B07E387748633AF2DCE35A9905175
Reporter abuse_ch
Tags:img MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: p1q.mail2000.com.tw
Sending IP: 220.130.127.171
From: sales <sales@chungmei.net>
Reply-To: sales <sales@chungmei.net>
Subject: REQUEST FOR QUOTATION 1307-RFQ
Attachment: REQUEST_FOR_QUOTATION_1307-RFQ.IMG (contains "109342PDF.exe")

MassLogger SMTP exfil server:
webmail.saritatravels.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CIL.HeapOverride.Heur.944.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bbb3ff0f38c45e00b380e5fc4d23cde33b320c2d344d432961e6c347be7d2ab6/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-30 07:17:05 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xoz76dzyyrpabm4a4x6e2i6n4m5tedbngrgugklb43buppt5fk3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/bbb3ff0f38c45e00b380e5fc4d23cde33b320c2d344d432961e6c347be7d2ab6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img bbb3ff0f38c45e00b380e5fc4d23cde33b320c2d344d432961e6c347be7d2ab6

(this sample)

MassLogger

Executable exe f8b4f7113aa0d1a2c45da336f44aa6f3aac6ccceb9e1251842fdc086b1f33eef

  
Dropping
MD5 66ad6b602a36f163038c36bfe84a9c03
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f8b4f7113aa0d1a2c45da336f44aa6f3aac6ccceb9e1251842fdc086b1f33eef

Comments