MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2fc9aa53f4f13578d6e72eed7336764dc4d9c9b2079d7896dcbd8f8c7e711a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 2



SHA256 hash: f2fc9aa53f4f13578d6e72eed7336764dc4d9c9b2079d7896dcbd8f8c7e711a3
SHA3-384 hash: 2a51656fc074611c8fb174f821d3564d92367bafa613f273362bece3c757de04c57146707d2785e93210ae71a86f6524
SHA1 hash: acf054b1779789637695948e79936d49c0be4c1c
MD5 hash: 3383db1135b7dfc2d4f423f24d7ca47c
humanhash: angel-neptune-monkey-berlin
File name: Al-Mansoor _Quote_Order CAYAN LISTS14_PDF.r02
Signature: MassLogger
File size: 879'934 bytes
First seen: 2020-05-26 11:09:14 UTC
Last seen: Never
File type: r02
MIME type: application/gzip
ssdeep: 12288:uTfkRVkvkOVcjkNGvxAWCBl4F+EwRwASUKYbTms/8GHF8sr6vzu5ujTSSk5oPFyB:uTOJOVcnxHcA+Lf5Xnm0JHr6wg++QT
TLSH: E21533EFA2B11BC7E75F11AEE2B6CB22625D701A8C57C5461F66C3F202713D84E580A6
Reporter: abuse_ch
Tags: MassLogger r02


abuse_ch
Malspam distributing MassLogger:

HELO: dominicos-mail2.c.mad.interhost.com
Sending IP: 213.134.42.61
From: Rashid Ali //AL CAYAN Export Trading// <Officejb01@mail.com>
Subject: RFQ: Request for Quotation, ORDER P/O44532 1X40AL Cayan Export Trading
Attachment: Al-Mansoor _Quote_Order CAYAN LISTS14_PDF.r02 (contains "Al-Mansoor _Quote_Order CAYAN LISTS14_PDF.exe")

MassLogger SMTP exfil server:
microtelculiacan.com.mx:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-26 11:37:18 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 22 of 48 (45.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r02 f2fc9aa53f4f13578d6e72eed7336764dc4d9c9b2079d7896dcbd8f8c7e711a3 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
