MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36b4470e8a0698e0b504713f991292995aa36d135d55a1d83954c109608ab659. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36b4470e8a0698e0b504713f991292995aa36d135d55a1d83954c109608ab659
SHA3-384 hash: ffbabc50a1ab43797d0344c7c43cb5478dfea03cf2ea5fd1a43aed11d1c5c6141876f60ba5720abf652e322da0922c1b
SHA1 hash: 15f0bb7579dabc11a9a41134851e87ba364919e8
MD5 hash: c1443e268aaf9cc7d218816f553d43c1
humanhash: enemy-magazine-winner-nuts
File name:WesBank Ref 00142455 DishonestFraudulentTransaction.pdf.gz
Download: download sample
Signature MassLogger
Create hunting rule
File size:989'556 bytes
First seen:2020-08-03 17:39:10 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 24576:d752J1iw5ZOBAi4ZvgoxbZIqWkTDkUBHwuLd:d75QbZg1Cj5+qWknkUZPLd
TLSH 2E25330FDD7BC0F15DA760A226361B437EAE716E84A48D7C191428864BE1BC0CEB5F99
Reporter abuse_ch
Tags:gz MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: slot0.comkamaindia.biz
Sending IP: 45.95.169.12
From: wventer@wesbank.co.za
Subject: WesBank Ref 00142455: Dishonest/Fraudulent Transaction
Attachment: WesBank Ref 00142455 DishonestFraudulent Transaction.pdf.gz (contains "WesBank Ref 00142455 DishonestFraudulent Transaction.pdf.exe")

MassLogger C2:
http://torlago.com/wp-owe/panel/

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/36b4470e8a0698e0b504713f991292995aa36d135d55a1d83954c109608ab659/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-03 17:41:04 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g22eoduka2mobnieoe7zseustfnkg3itlvk2dwbzktaqsyekwzmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/36b4470e8a0698e0b504713f991292995aa36d135d55a1d83954c109608ab659

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz 36b4470e8a0698e0b504713f991292995aa36d135d55a1d83954c109608ab659

(this sample)

MassLogger

Executable exe 4534997b5b146c7caebb2f398e7ea0f2bbf434af23155ad13b0acd09b0487325

  
Dropping
MD5 ae968565d7d2fe888a443791eef898ac
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4534997b5b146c7caebb2f398e7ea0f2bbf434af23155ad13b0acd09b0487325

Comments