MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff6459ca52183c69be1ef1764b9a1cd4c3436d2713483bf5ad219d2bff0d439e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ff6459ca52183c69be1ef1764b9a1cd4c3436d2713483bf5ad219d2bff0d439e
SHA1 hash: fe9c81cafac65c5b78a8b6fd629f7d69ed1f2f05
MD5 hash: dc26f87b2a4b65908a89673d1a4bf4d3
File name: RFQ NO. 4400008663.exe
Signature: MassLogger
File size: 737'792 bytes
First seen: 2020-05-23 11:45:48 UTC
Last seen: 2020-05-23 13:13:12 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:U2iN4NJuXC7fAwLvpUpeB2uVLW+29SZ0Yr3YD12q2Q9ZJ8jGIukxYB+ag:U1EtfAgKpoV6E0kYpPz9ZJ8j0kWoT
TLSH: 57F42292C1BC895DEA6C5BF86F56BF01E32853824583D6CB1F9050AD2C126D93E943E7
Reporter: @abuse_ch
Tags: exe MassLogger


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: 77-72-3-56.hosted-at.kloud.co.uk
Sending IP: 77.72.3.56
From: M. Prabahkar Rao, Chairman, NSL Group <rabih@emirates.net.ae>
Reply-To: me <rabih@emirates.net.ae>
Subject: PROJECT DRAFT - Enquiry - 4400008663
Attachment: RFQ NO. 4400008663.zip (contains "RFQ NO. 4400008663.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 22
Origin country: US
ClamAV: SecuriteInfo.com.Trojan.PWS.Siggen2.49255.5135.4625.UNOFFICIAL
VirusTotal: Virustotal results 27.78%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe ff6459ca52183c69be1ef1764b9a1cd4c3436d2713483bf5ad219d2bff0d439e (this sample)

Delivery method: Distributed via e-mail attachment
