MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 560a0f75df71d4870f4dc8baebde68372178b3c9112b849a1a6f4995a99e2958. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 560a0f75df71d4870f4dc8baebde68372178b3c9112b849a1a6f4995a99e2958
SHA3-384 hash: 34ce577a0c7969f9f388a76007197c3887e8e29645a541bbe3ab3ee644bec39652de7565721d39f42b2b5959a1505a15
SHA1 hash: 81568d257944210a87942095dbcedcf6373d5eef
MD5 hash: eb13e1642d04562edcc3125290ae7974
humanhash: tennessee-harry-april-violet
File name:RFQ_ NEW ORDER 5768.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:662'779 bytes
First seen:2020-06-24 06:57:27 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:gR3o+JXaYvyzqsiXlLytRY45+j+notL3pW7JwSvrwV+MZyeO13AoKquC/3yVp4RT:A4gVyzqBFSYc0TtLcJ9vrteU3AQ/3yPO
TLSH 60E4231EBDD6EBB3276F91BC7BCA08F90D93951F2127940A7A23C712265273FD806254
Reporter abuse_ch
Tags:HostGator MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: qproxy5-pub.mail.unifiedlayer.com
Sending IP: 69.89.21.30
From: AMIGO Tech Industries <supertechfc@gmail.com>
Subject: RE: RFQ 60 MT SI#AC2019-0327
Attachment: RFQ_ NEW ORDER 5768.rar (contains "Oypy7XYBTMuI7M2.exe")

MassLogger SMTP exfil email address:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/560a0f75df71d4870f4dc8baebde68372178b3c9112b849a1a6f4995a99e2958/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 06:59:03 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kyfa65o7ohkiod2nzc5oxxtig4qxrm6jcevyjgq2n5ezlkm6ffma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 560a0f75df71d4870f4dc8baebde68372178b3c9112b849a1a6f4995a99e2958

(this sample)

MassLogger

Executable exe f0176393025bb51cbf9ac3e0d457ab89e129d90583fa103ff9db794687787715

  
Dropping
MD5 fcada174c3065750b2fbf81594987216
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f0176393025bb51cbf9ac3e0d457ab89e129d90583fa103ff9db794687787715

Comments