MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5c28e3ac87bbb2024004844926484647f017dc5c506405873539b59ad0a64a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: e5c28e3ac87bbb2024004844926484647f017dc5c506405873539b59ad0a64a4
SHA3-384 hash: 1a816c2a5d801452cb006fd587c981bc4c0e3c845acb795302f0d3114af49b0245070ba1b40376413c6a673a0aae4673
SHA1 hash: 02fded2b6111d580eea704b38ba72fbc9b00c592
MD5 hash: 1b30b6afdf156a4ee5857c56064436c8
humanhash: robin-emma-butter-maryland
File name: PI List-pdf.zip
Signature: MassLogger
File size: 668'407 bytes
First seen: 2020-07-05 07:27:20 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:HM44+S8zKKko82HGEtkkTpRp3oWMzbSxICGokvmciK8wrAu1JqigL0ejsuqELx1i:HllzK36kkT3p4WeOxo7mRKH71JPgLZje
TLSH: 6CE423C7CA6C4307BA65A3B382FEB584A7448BD610D0A02C0F1D59D6BE158BBDD29F5C
Reporter: abuse_ch
Tags: MassLogger, zip


abuse_ch
Malspam distributing MassLogger:

HELO: srv-hp13-212.netsons.net
Sending IP: 94.141.20.212
From: Faezeh <info@slesa.it>
Subject: list of PIs from Germany
Attachment: PI List-pdf.zip (contains "PI List-pdf.exe")

MassLogger SMTP exfil server:
mederfashion.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Masslogger
Status: Malicious
First seen: 2020-07-05 07:29:06 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip e5c28e3ac87bbb2024004844926484647f017dc5c506405873539b59ad0a64a4 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
