MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd2f1c8f9b65a8c1b5b61c07aca9734f9381cd9e21b2656aecc0dc81aef13cd4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: dd2f1c8f9b65a8c1b5b61c07aca9734f9381cd9e21b2656aecc0dc81aef13cd4
SHA3-384 hash: fc383a500a425ae49ad051f5d28f0ce7137f9cd0c387119c7d8b38b8b77368e1a44ecfa37890f9e885467390dabc306d
SHA1 hash: 6f2b0c87c7183216e27b69dcb124100df33876e0
MD5 hash: 4f794241cbe71f54666f5b60d2bb1667
humanhash: winner-carolina-texas-single
File name: PZS-172.rar
Signature: MassLogger
File size: 679'871 bytes
First seen: 2020-06-30 09:05:56 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:LOTyvsfGOnbHFo9M6hmWXgzS7qGfUJ8DvTzmirQRT887FKrLywrPtce:LOIBODFkBX9feQ6rg8SLywrlce
TLSH: D2E4332B6ADA657563813EE3C9F591C33EA205BC678640C5DFC42B3891A8C37EB41F25
Reporter: @abuse_ch
Tags: HostGator MassLogger rar


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: gateway20.websitewelcome.com
Sending IP: 192.185.58.11
From: Masoumeh <m.aligol@climaxoilfield.ae>
Subject: RFQ-PZS-172
Attachment: PZS-172.rar (contains "PZS-172.exe")

MassLogger SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence


Mail intelligence:
  Trap location: Global
  Impact: Low
# of uploads: 1
# of downloads: 27
Origin country: US
ClamAV: No detection
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/dd2f1c8f9b65a8c1b5b61c07aca9734f9381cd9e21b2656aecc0dc81aef13cd4/
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Kryptik
  First seen: 2020-06-30 09:07:06 UTC
  AV detection: 14 of 31 (45.16%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Suspicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar dd2f1c8f9b65a8c1b5b61c07aca9734f9381cd9e21b2656aecc0dc81aef13cd4 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
