MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2757d60ab3f7e915054c0d0b29e4ccfacd11cec85861925a652df79f6ad467f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 2



SHA256 hash: e2757d60ab3f7e915054c0d0b29e4ccfacd11cec85861925a652df79f6ad467f
SHA3-384 hash: 3de3d892624ca95aa9a11cd0a2fcfd3b477de71548134a12797de78f3a4110da01d21c9204d1c640f88b4b34c3e8c866
SHA1 hash: 725cc9043353eafa328a7f1ce6020a8d9c82b768
MD5 hash: 2a61a3772ab2801c2fd03c2eac5e7444
humanhash: washington-robin-potato-december
File name: Newproducts_Inquiry00000000PDF.arj
Signature: MassLogger
File size: 844'412 bytes
First seen: 2020-05-27 07:48:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:sluDqF1Vg6Axmrz52d7E5+QZ60qTtbjjGkU8MGt18veOCW:slFF1V52y5+QwTtpM9veQ
TLSH: 460533CFEF88087D0FA8A66D01A1D5DBE884C112452796843ADBFFC983EF81B565D4E4
Reporter: abuse_ch
Tags: arj MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.220
From: Purchase <info@tolrav.net>
Subject: New Inquiry
Attachment: New products_Inquiry00000000PDF.arj (contains "New products_Inquiry00000000PDF.scr")

MassLogger SMTP exfil server:
mail.pirc-energy.co.uk:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-27 09:12:56 UTC
File Type: Binary (Archive)
Extracted files: 14
AV detection: 13 of 48 (27.08%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip e2757d60ab3f7e915054c0d0b29e4ccfacd11cec85861925a652df79f6ad467f (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
