MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 843448ce9ea61df0be53c856964eafe2a57e9ee30e0ba23655c5ff0e2cffbf99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 843448ce9ea61df0be53c856964eafe2a57e9ee30e0ba23655c5ff0e2cffbf99
SHA3-384 hash: fdf8b5f53a2860355d2987af3c91b289c64ce4a35711a3fb87f29eb2d0c2bd30208eae888c2b55c9f0d22775cf374499
SHA1 hash: 8d22582faa4361e180a7ccd240f7f176ab00df11
MD5 hash: fbe5e754c26ad7510d30603d8866f1cb
humanhash: twenty-undress-earth-mountain
File name:Sales note PO53.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:780'281 bytes
First seen:2020-07-09 07:40:24 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:IFu6wK7px9YxO+wN1Xq3aCIi0vuzJ/dKKPjH6zFPza0F73gNK4aKhnQ3JIoXPJ0g:IRw09Y5anvuzJBH6zF5QNtaAQZISGbs
TLSH D8F433D4FCDF5C8C6B9C8815770B544CEA61C6D259358F8F029AAFAC672093AB913837
Reporter abuse_ch
Tags:MassLogger zip


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: ganadorme.com
Sending IP: 185.118.166.142
From: procurement2@ganadorme.com
Subject: Ganadorme Products Order
Attachment: Sales note PO53.zip (contains "Sales note PO53.exe")

MassLogger SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/843448ce9ea61df0be53c856964eafe2a57e9ee30e0ba23655c5ff0e2cffbf99/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 07:42:06 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qq2ertu6uyo7bpstzbljmtvp4ksx5hxdbyf2ensvyx7q4lh7x6mq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 843448ce9ea61df0be53c856964eafe2a57e9ee30e0ba23655c5ff0e2cffbf99

(this sample)

MassLogger

Executable exe 1c2f10aaf4e8b9a9e90316e8b470616bac893609cd85374cb11bb4a1a3971e5b

  
Dropping
MD5 3e414d89b9f98f4cc6c5988634791c0a
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1c2f10aaf4e8b9a9e90316e8b470616bac893609cd85374cb11bb4a1a3971e5b

Comments