MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e50a804199c2303cf419613432fcc39612d644a0373e72e5b15a96b56a0521d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e50a804199c2303cf419613432fcc39612d644a0373e72e5b15a96b56a0521d6
SHA3-384 hash: cb240cf4071c0269c062ef354abc03dee0aacbdab60ca137c6d6ee418fc59763eb63fe132495f03e7c44b5a66574653e
SHA1 hash: f2bd5bc0d2e6169719fab44f600bf52134113289
MD5 hash: 7545cbee396441ca0ce3c2cf16f8f6b7
humanhash: lima-cat-sad-friend
File name:Purchase Order Sample.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:886'237 bytes
First seen:2020-07-31 06:54:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:yIyulUTHDYFbPSq2l25LgDmkft3psUJcNmnC2I3CgPGLUzXxS8pfQa+SNxLnBSBG:yIhdPS3cFkJcNgyxP9VhpfQrSN5Be7q
TLSH 531533090B9D3567706DF94C7CF9A7448AC243D9FA84E1C074E6D2C80A519F8272EAFA
Reporter abuse_ch
Tags:MailChannels MassLogger zip


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: brown.elm.relay.mailchannels.net
Sending IP: 23.83.212.23
From: admin8@capstoneeeq.com
Subject: FOB Inquiry - PO Yh15072020003 / Urgent Order From BANGKOK
Attachment: Purchase Order Sample.zip (contains "Purchase Order Sample.exe")

MassLogger FTP exfil server:
ftp.hmpme.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e50a804199c2303cf419613432fcc39612d644a0373e72e5b15a96b56a0521d6/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-31 06:55:09 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4ufiaqmzyiydz5azme2df7gdsyjnmrfag47hfznrlkllk2qfehla._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e50a804199c2303cf419613432fcc39612d644a0373e72e5b15a96b56a0521d6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip e50a804199c2303cf419613432fcc39612d644a0373e72e5b15a96b56a0521d6

(this sample)

MassLogger

Executable exe 1590167d71c9cd4bdacf01d5e56fb3b4315ddaf7ede3dc270de784a7ec12f2dd

  
Dropping
MD5 2a3f68d64b40b2b1ab652183adcc69d4
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1590167d71c9cd4bdacf01d5e56fb3b4315ddaf7ede3dc270de784a7ec12f2dd

Comments