MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3c6a1546ff708f99122b730baeba4692769e0efeb9a3ccc58b215f9ab9fe8e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e3c6a1546ff708f99122b730baeba4692769e0efeb9a3ccc58b215f9ab9fe8e8
SHA3-384 hash: 2776cb8fcca3c490f6061324ee5c268b690ec36b13260ccdf16fa5679a8ad8fcf8171a6771769b318e82f31ff87b491f
SHA1 hash: 785e715e3cff00c8d787184e932c0db4bca27357
MD5 hash: 9ddfef3c6faa7f0b608baaaa9ec35c5c
humanhash: river-oscar-saturn-delta
File name:PI 200000679 Rev 3_pdf.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'000'951 bytes
First seen:2020-06-03 16:35:57 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:6GnxjVMhujGiqryd+7GRrK+FFsCQqJHYVTpyClWKtOk53yq5O61MnF0xpOvZd2bT:6GnxHqOd+7mKCJJ4VTMClZOO5cDdUM2
TLSH FE253317625F0FD2F8DCB64A34A08DB85F5241E2CD9B8329143EAB1250CEFEC1B5EA45
Reporter abuse_ch
Tags:MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: slavesmtp.scs-net.org
Sending IP: 213.178.226.250
From: Taraneh Manafi <s.taheri@electrokavir.com>
Subject: RE: Legrand code
Attachment: PI 200000679 Rev 3_pdf.rar (contains "PI 200000679 Rev 3_pdf.exe")

MassLogger SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 17:36:04 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4pdkcvdp64eptejcw4ylv25enetwtyhp5ondztcywik7tk475dua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar e3c6a1546ff708f99122b730baeba4692769e0efeb9a3ccc58b215f9ab9fe8e8

(this sample)

MassLogger

Executable exe a2a4fc12990dcf4a9778f96840b49be84f9563edd2b5209b6dac1ffb2ed8e38d

  
Dropping
MD5 87084086939792c1a2ccbb561c4fd598
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a2a4fc12990dcf4a9778f96840b49be84f9563edd2b5209b6dac1ffb2ed8e38d

Comments