MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51e1ccab6a0fa7d4ba112fc58daaec419030f140c4fe9d5afa1ab01abd3fbd82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 51e1ccab6a0fa7d4ba112fc58daaec419030f140c4fe9d5afa1ab01abd3fbd82
SHA3-384 hash: be685565852792b4bd157d0773ce024178803ba0f4e609cfc180f456700ca996a9f18b217a8fbdd77e966f7ba1a6a1af
SHA1 hash: f2b2fae321db4138fe081c07bf0a736cc0b027fd
MD5 hash: b02e076be3851a3d75a408e0e3ff7228
humanhash: september-snake-vermont-winter
File name: Bank Slip.zip
Signature: MassLogger
File size: 729'860 bytes
First seen: 2020-08-13 05:47:30 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:c+ZNI/2VzMuAGeSXmnaYqT7W0TJ25y1EYnc32v53fWElJHLe6mQQzmE7cPR:cINI/2VzM+e8YgnTJ2sVc3oVlle6mzaz
TLSH: 2EF423C2E7069826D455EDAC7015FDF1ACF373D87BC219956A108FAF81C8AC6F45E828
Reporter: abuse_ch
Tags: Hostwinds MassLogger zip


abuse_ch
Malspam distributing unidentified malware:

HELO: hwsrv-760085.hostwindsdns.com
Sending IP: 104.168.148.163
From: Casey Shaw <iwalker@multipowerproducts.com>
Reply-To: iwalker@multipowerproducts.com
Subject: RE:RECIBO DE TRANSFERENCIA BANCARIA
Attachment: Bank Slip.zip (contains "xlArf4nClBvLTj0.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-08-13 05:49:06 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 51e1ccab6a0fa7d4ba112fc58daaec419030f140c4fe9d5afa1ab01abd3fbd82

(this sample)

  
Delivery method: Distributed via e-mail attachment
