MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff179266bafaed8e19b2230c36e8f94fde238ea38ea05759bb1b45354e2e3d31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: ff179266bafaed8e19b2230c36e8f94fde238ea38ea05759bb1b45354e2e3d31
SHA3-384 hash: f9f2829736a11d08a0c9c0e57b25b22e4a570c5e4407923266b52a621f76e14e6159017d0caf3fc5920e44965a68839f
SHA1 hash: 75e62aeb006c8e651b4e7cbfbd153b4822a0e265
MD5 hash: e96332d219ece9a4ac813ed2eaa3d9cb
humanhash: enemy-vermont-virginia-romeo
File name: COT.1062.UGTO.JOSE LUIS NAVA.pdf.gz
Signature: MassLogger
File size: 820'335 bytes
First seen: 2020-10-21 08:08:31 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 24576:lf4HqndwpPrqQighBjXHzSHdLGwSFY4AO+rPIO:xqqnapPrqQicHXvtfUPIO
TLSH: A40533307FCE352D5AF6E281370053D5F49256EBEB6A08CF36199DEC4B8968229F8117
Reporter: abuse_ch
Tags: gz MassLogger


abuse_ch
Malspam distributing unidentified malware:

HELO: host.digitrafico.mx
Sending IP: 209.59.151.64
From: KEM Guanajuato <ventas1@flexijuntas.com.mx>
Reply-To: KEM Guanajuato <officejb01@mail.com>
Subject: COTIZACIÓN 1062
Attachment: COT.1062.UGTO.JOSE LUIS NAVA.pdf.gz (contains "COT.1062.UGTO.JOSE LUIS NAVA.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2020-10-20 20:09:59 UTC
File Type: Binary (Archive)
Extracted files: 29
AV detection: 20 of 48 (41.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz ff179266bafaed8e19b2230c36e8f94fde238ea38ea05759bb1b45354e2e3d31 (this sample)

Delivery method: Distributed via e-mail attachment
