MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d69ffa1fd0c833c93e631225c0a3548d85ff5e0476091dc1a37894546c70c096. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: d69ffa1fd0c833c93e631225c0a3548d85ff5e0476091dc1a37894546c70c096
SHA3-384 hash: 0b33d0c2e6a1bb54c32659693b025baa99022af08285a7f6f4873860ecb9a2a68e4d7d97134b4892195ac87464740161
SHA1 hash: 179395d02ebab83c5e965886ff209de003d2325f
MD5 hash: fe266fec96d89096d8c6ecb098416492
humanhash: foxtrot-spaghetti-march-fruit
File name: DHL_January 2020 at 13M_9B7290_PDF.img
Signature: MassLogger
File size: 1'310'720 bytes
First seen: 2021-01-13 20:11:19 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:xd6/UwByn2AkJcrHMkr+2oCu72bi2m98errq5OtrKFb0Ka3LwSuW9xpzz8Q/nm:UAnKcn+2GZHFe0EFbCLwSvSQ/m
TLSH: 6255125A73E2C475D4B2023452D48BB3E5BABC32267480BBFBEC0D2E5F649D0566528F
Reporter: abuse_ch
Tags: DHL img MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: setentaytres229.nsprimario.com
Sending IP: 188.93.73.229
From: DHL EXPRESS <noreply@dhl.com>
Subject: Re: DHL Notification / DHL_AWB_001179703/ETD
Attachment: DHL_January 2020 at 13M_9B7290_PDF.img (contains "DHL_January 2020 at 13M_9B7290_PDF.exe")

MassLogger SMTP exfil server:
mail.beljemi.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 179
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Maslog
Status: Malicious
First seen: 2021-01-13 20:12:09 UTC
AV detection: 10 of 46 (21.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img d69ffa1fd0c833c93e631225c0a3548d85ff5e0476091dc1a37894546c70c096 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
