MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78d50b06cbff4ec03c94e8d0a696dfd0f241345cc4ca8af9f8b47ea4d262e44e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 78d50b06cbff4ec03c94e8d0a696dfd0f241345cc4ca8af9f8b47ea4d262e44e
SHA3-384 hash: f231cddc6edbcf3162e209c19324c88bb68d86fd9686ee309d1ef0a59fadc7dc44f8940ca39ea0e1d27562b52c71d817
SHA1 hash: 40edb955c2cda0491a1c5612046d83d3b5717e04
MD5 hash: 9bb53b6b7b6d40335c949d54138ba5f4
humanhash: bravo-pip-oranges-mirror
File name: COTIZACION_00957342.cab
Signature: MassLogger
File size: 615'481 bytes
First seen: 2020-08-04 13:26:44 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 12288:SdChJdyNcI0cZtg4rqQtpMUGNnIDuMJMIU/9qPXn0cjFeeCTUaPRegW24GWXrqrk:SBzbrqQtpMUGVQuPDVqP31seCAaP0h24
TLSH: FAD423D839024928D37E9D7B553AE2FD3DFA74DAD32650530660106EF281F68393D8AB
Reporter: abuse_ch
Tags: cab HostGator MassLogger


abuse_ch
Malspam distributing unidentified malware:

HELO: gateway33.websitewelcome.com
Sending IP: 192.185.146.195
From: Mariela Cortés <almacenlima@memorykings.com.pe>
Subject: SOLICITUD DE COTIZACION
Attachment: COTIZACION_00957342.cab (contains "COTIZACION_00957342.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Skeeyah
Status: Malicious
First seen: 2020-08-04 13:28:06 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

cab 78d50b06cbff4ec03c94e8d0a696dfd0f241345cc4ca8af9f8b47ea4d262e44e

(this sample)


Delivery method: Distributed via e-mail attachment
