MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 714a0e429dacb17ab2c03459024881547a8a36a76962f9869a72810f0e5bfbe9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 714a0e429dacb17ab2c03459024881547a8a36a76962f9869a72810f0e5bfbe9
SHA3-384 hash: 241dd961a96bc916570dee1d0ec80bdb6d3b3035d708b9208d8b65908632cae757e472da390cb8b779394c3f0a6c8adb
SHA1 hash: 72456ef98219ce74b316eec414ad5c44ee98b277
MD5 hash: 1c8e744306406e20928ab8996018a057
humanhash: mississippi-magnesium-beryllium-carolina
File name:bank_swift_U15789467HDG.iso
Download: download sample
Signature MassLogger
Create hunting rule
File size:2'174'976 bytes
First seen:2020-06-08 06:58:36 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 49152:nVg5tQ7a63Ismk68Kj4IRS/x6SGzYhY5:Vg56FdC9u/GzY
TLSH 81A5E02323DD8365C37E5173BA1577016EBBF82506A1F4772FA8C93CAA201215E1E66F
Reporter abuse_ch
Tags:iso MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: rakco.com.sa
Sending IP: 45.138.172.165
From: Kazem Al-Sharif<haitamaltaweel@rakco.com.sa>
Subject: Payment transfer/bank swift
Attachment: bank_swift_U15789467HDG.iso (contains "bank_swift_U15789467HDG.exe")

MassLogger SMTP exfil server:
mail.protenginstalacoes.com.br:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 02:13:40 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=offa4qu5vsyxvmwagrmqesebkr5iunvhnfrptbu2okaq6ds37puq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

iso 714a0e429dacb17ab2c03459024881547a8a36a76962f9869a72810f0e5bfbe9

(this sample)

MassLogger

Executable exe d9d166ad30417f3158f7228c54985f97fe502523f910f14fbc5f7fb729c85e56

  
Dropping
MD5 980f255124311d6d9a3b2854badb133c
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d9d166ad30417f3158f7228c54985f97fe502523f910f14fbc5f7fb729c85e56

Comments