MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d33ee6619b671295dfd9a8599eff6bfba63f4b71811d1c304e0132caa36543bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d33ee6619b671295dfd9a8599eff6bfba63f4b71811d1c304e0132caa36543bc
SHA3-384 hash: 17ffe5947d0edcd816a9d494416b6911f08768c654465a194b1bb5dba16cde9c0c7405ecb5220d6190a28b75dd8ae347
SHA1 hash: 1d017bed1e231bca5e887c623a12438d0f5f9f51
MD5 hash: db93b9c0edb07b840e95fd5fdbfb0951
humanhash: bakerloo-apart-beer-missouri
File name:img_0933.r00
Download: download sample
Signature MassLogger
Create hunting rule
File size:497'140 bytes
First seen:2020-07-13 11:41:21 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:FfGkZL/I/wUNnCu/BHHc/PiYKTKpoQWnUy0GsQqtp1pEzgPsYL+5PS5HRMeMnl+t:N5/En78hphybXqv1p2ySqbML+IFLKn
TLSH 24B4235169377ADBF26B3F7BC94E333AD4D80166DD80CE24106915174E48BA6C48FABC
Reporter abuse_ch
Tags:MassLogger r00


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: minmaxbd.net
Sending IP: 45.138.172.46
From: KHAN <bd@minmaxbd.net>
Reply-To: KHAN <bd@minmaxbd.net>
Subject: Re: New BL draft (URGENT)
Attachment: img_0933.r00 (contains "img_0933.exe")

MassLogger SMTP exfil server:
mail.aydan.com.tr:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d33ee6619b671295dfd9a8599eff6bfba63f4b71811d1c304e0132caa36543bc/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 11:43:05 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2m7omym3m4jjlx6zvbmz573l7otd6s3rqeorymcoaezmvi3fio6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r00 d33ee6619b671295dfd9a8599eff6bfba63f4b71811d1c304e0132caa36543bc

(this sample)

MassLogger

Executable exe cc6b0848a3a848c9ee7ce3f63d1e3f95393f6593140e2aab400146c06e593793

  
Dropping
MD5 f8d0bab3e3367fbd94c1f82eb33714e7
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cc6b0848a3a848c9ee7ce3f63d1e3f95393f6593140e2aab400146c06e593793

Comments