MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e64a8bcf44c1671d77ee091bf44aa2021c71fb8349562dcbb4c7d6d1686d1611. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e64a8bcf44c1671d77ee091bf44aa2021c71fb8349562dcbb4c7d6d1686d1611
SHA3-384 hash: b5c79c47a0ff2955d68d91dd6f458d1bd3c45d276c0aced0e9c2b83d6cee0709e3801e2ec28bca3d6aaa71c47f370f8f
SHA1 hash: 48a5f222470d4525c80b8ffbd426deea63674284
MD5 hash: 6439abd7b4c1b488020e75ab69953823
humanhash: blossom-muppet-vermont-lamp
File name: Quote.exe
Signature: MassLogger
File size: 838'656 bytes
First seen: 2020-06-30 12:24:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 24576:voEdnf0AvMgj1VNZTh8/ovwrAt3A6zoCgtmoD:v7Nz9DNZ9covwE1A6sCgUoD
TLSH: 630522313A78AB2DC9B9877212B110150FF1FA2F8531E72E5E90D6C72977B90C601EA7
Reporter: @abuse_ch
Tags: exe MassLogger


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: kangkeusa.com
Sending IP: 161.129.67.231
From: Mr Brian Plose <info@kangkeusa.com>
Subject: Quote
Attachment: Quote.exe

MassLogger SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence


Mail intelligence
  Trap location: Global
  Impact: High
# of uploads: 1
# of downloads: 23
Origin country: FR
CAPE Sandbox
  Detection: n/a
  Link: https://www.capesandbox.com/analysis/17131/
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/e64a8bcf44c1671d77ee091bf44aa2021c71fb8349562dcbb4c7d6d1686d1611/
ReversingLabs
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Androm
  First seen: 2020-06-30 12:25:04 UTC
  AV detection: 18 of 31 (58.06%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage
  Score: 10/10
  Malware Family: masslogger
  Link: https://tria.ge/reports/200630-57y3knbcla/
  Tags: ransomware spyware stealer family:masslogger
VirusTotal: Virustotal results 15.28%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
MassLogger
Executable exe e64a8bcf44c1671d77ee091bf44aa2021c71fb8349562dcbb4c7d6d1686d1611 (this sample)

Delivery method: Distributed via e-mail attachment
