MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e617e9a809ed5b682d8ee48d4a8cff379d8c5bcb8688da7b8b3f249185e8a135. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e617e9a809ed5b682d8ee48d4a8cff379d8c5bcb8688da7b8b3f249185e8a135
SHA3-384 hash: 10464be977338d5fe62e39b2ff654ae704290787c2f6a143145aeb3dc1f20a1bd79f9128bcdade6428437f26161228ff
SHA1 hash: 5116a60a10eadccbb4c4def61943a85dbe6b1d28
MD5 hash: e00a45db193eb71cf958ecae5f33af30
humanhash: island-shade-cup-wisconsin
File name:INV doc9450940983355523.pdf.uu
Download: download sample
Signature MassLogger
Create hunting rule
File size:894'083 bytes
First seen:2020-10-22 16:12:31 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:4AJFgGX81KC+m5PE7yjI5OjumDhyHUDDz3D3:FJFgGMAjm5chUt9yHU/
TLSH 521533479ACEF83DE1FCFDC43BD7645D851340ABBD26C3EAA0F26A268E64659440048F
Reporter abuse_ch
Tags:MassLogger uu


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: m1mkyc5j.ni.net.tr
Sending IP: 89.252.168.52
From: trust@al-tuwaijri.com
Subject: ACİL REVİZE PI
Attachment: INV doc9450940983355523.pdf.uu (contains "INV doc9450940983355523.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e617e9a809ed5b682d8ee48d4a8cff379d8c5bcb8688da7b8b3f249185e8a135/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-10-22 10:15:15 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4yl6tkaj5vnwqlmo4sguvdh7g6oyyw6lq2enu64lh4sjdbpiue2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
MassLogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e617e9a809ed5b682d8ee48d4a8cff379d8c5bcb8688da7b8b3f249185e8a135

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar e617e9a809ed5b682d8ee48d4a8cff379d8c5bcb8688da7b8b3f249185e8a135

(this sample)

MassLogger

Executable exe 4391d0f7038e267c0b8603c0ae2969f6070ad3a2653387fff68038c03f945012

  
Dropping
MD5 b9e9712d9b9ea1f346fedfea4a2479c8
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4391d0f7038e267c0b8603c0ae2969f6070ad3a2653387fff68038c03f945012

Comments