MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2b8a8a516e339060390b2a96c57e8eafda4ab570a1350c2edc72118f24869e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: c2b8a8a516e339060390b2a96c57e8eafda4ab570a1350c2edc72118f24869e7
SHA3-384 hash: 1141f540aa5c52a19b16d82d16fe57e132b2a7e0704c87a7b265f270bfab842ef05e9110b497508a1bd0ec2650cb0276
SHA1 hash: d37c443eb6d532040545c6c8b05a29654c5b6874
MD5 hash: b424a586b5eca4342a3e25f0d3056e0d
humanhash: rugby-pluto-cup-coffee
File name: PO 056138-NV2020.lzh
Signature: MassLogger
File size: 688'839 bytes
First seen: 2020-10-22 11:51:16 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:kqbZb0tDq5FHVZdFri5LsSAAKyutgWjPv09LGs5MLEKg0QaGIZtX/C1:rbZbYD8FHVZdE5ASAqu1jGCs53Indzvg
TLSH: 5EE42304CCDAA279E3E2F5E550185ACFE5C4E234BF1C8B00695D89C9EA0702EADDD9DD
Reporter: abuse_ch
Tags: lzh MassLogger


abuse_ch
Malspam distributing unidentified malware:

HELO: host625319.localhost
Sending IP: 23.160.193.119
From: Farhad Al-yer<anonymousfox-zekoy@magicmetalsca.com>
Subject: Re: Quotation eh-2020BGS
Attachment: PO 056138-NV2020.lzh (contains "PO 056138-NV2020.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.AveMaria
Status: Malicious
First seen: 2020-10-22 07:59:07 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar c2b8a8a516e339060390b2a96c57e8eafda4ab570a1350c2edc72118f24869e7 (this sample)

Delivery method: Distributed via e-mail attachment
