MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cdfbe574fd5d0be6ec09893c69bb550af33ff85b39019abcced1cf4d1ae6afba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cdfbe574fd5d0be6ec09893c69bb550af33ff85b39019abcced1cf4d1ae6afba
SHA3-384 hash: 0cf437211e1b96bbab3c11fef6c2440692e5819b7d82a0f0c942a6298f0ac90e13e0550b3244c708480aaa94aaf7669d
SHA1 hash: 073d90a310752e1127d792b0507987d8a23d3e01
MD5 hash: f7848c74cadaa1faeea16f6e8a6ffd41
humanhash: vegan-texas-kilo-lactose
File name:Purchase List.arj
Download: download sample
Signature MassLogger
Create hunting rule
File size:859'660 bytes
First seen:2020-06-15 14:03:22 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:cNgxzgrsqs00bCWaqUj2tnNfbmpyC99GoC863PkvQpwurD6C85MK8D4eRdtLRr:Vx8wqx0WW3Uj2NRbc9Vl63PkvFL5Pm1r
TLSH 0A0533D4EB305A477136ADB36BF628ED4DF5520782E8CE3C4CB15FA91E2CA826160D5C
Reporter abuse_ch
Tags:arj MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: serve0.yangtwang.pw
Sending IP: 142.11.195.30
From: Ina Hu <hr@yangtwang.pw>
Reply-To: ntranthaonguyen15@gmail.com
Subject: Request For Quotation-06/15/2020
Attachment: Purchase List.arj (contains "Purchase List.exe")

MassLogger SMTP exfil server:
mail.tcsqatar.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 13:46:25 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zx56k5h5luf6n3ajre6gto2vblzt76c3heazvpgo2hhu2gxgv65a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

arj cdfbe574fd5d0be6ec09893c69bb550af33ff85b39019abcced1cf4d1ae6afba

(this sample)

MassLogger

Executable exe a695f00451136422236ac536e9a7417a8826001ecb0ba51e582687cb0dc3f0ba

  
Dropping
MD5 d0454c5763ed33859b7e691a2b758a53
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a695f00451136422236ac536e9a7417a8826001ecb0ba51e582687cb0dc3f0ba

Comments