MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7e5cfc9a209e56e4af70f1dca1fc645502aba5db0237916e93d7b034893431d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: e7e5cfc9a209e56e4af70f1dca1fc645502aba5db0237916e93d7b034893431d
SHA3-384 hash: 6dab5feacdcdc08ab97d8095a91abf4e1f3343a3c9a4b771780bd85cd7a5104f7549ca3de6a6258ac4ef06c949136bc4
SHA1 hash: 20975fbbea1f38f0ed3cd00fce9fc3bb0acc23ae
MD5 hash: b994e3db94ada309ba4ac86231931548
humanhash: ceiling-wolfram-idaho-cold
File name: DHL_January 2021 at 00M_9B7290_PDF.img
Signature: MassLogger
File size: 1'310'720 bytes
First seen: 2021-01-18 16:07:16 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:WOj1bQ605u0x4z+UV55i2Sf2+39DM5hW:DbQ60Qsg+IazWHW
TLSH: 7D551236B2A65195DAC027321393D8681B677C0F492B430EB8FE3BDE17B60DEC945716
Reporter: abuse_ch
Tags: DHL, img, MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: nivelz.org
Sending IP: 195.201.196.173
From: DHL Customer Support <noreply@dhl.com>
Subject: RE: DHL Express Shipment // AWB_5011014
Attachment: DHL_January 2021 at 00M_9B7290_PDF.img (contains "DHL_January 2021 at 00M_9B7290_PDF.exe")

MassLogger SMTP exfil server:
mail.beljemi.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 140
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img e7e5cfc9a209e56e4af70f1dca1fc645502aba5db0237916e93d7b034893431d

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
