MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e5fa4ba917e4e478bbbd3f5c3b816e3ade490a5762254ce63d3f3629d88dd44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 2



SHA256 hash: 9e5fa4ba917e4e478bbbd3f5c3b816e3ade490a5762254ce63d3f3629d88dd44
SHA3-384 hash: c6fe67dc3c1c3edb1db5c0067e3da75f6b93b9587dcafa286347a7b10807738a2181a8ab3782dc90fdbf83383f69ce1b
SHA1 hash: 1b5ccb125a18ea714c6ae1c5fab50d6fa79b5bf0
MD5 hash: cbf3469b764477093477ee784daf5f8c
humanhash: echo-neptune-potato-pasta
File name: 3246744-28-06.CAB
Signature: MassLogger
File size: 620'867 bytes
First seen: 2020-06-28 07:56:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:8fqgOtcowlzewXTw6zht07VqVWy2dQhAA29YNecKgUtX2BpKUUk:8fqHttkVjZzh670VWfdu4GecqtX2BpKo
TLSH: 2FD423E0F14FD409C4EB6A537E9303998949CA07EB5E2A5719185E626FEAD483CCF24C
Reporter: abuse_ch
Tags: cab, MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: slot0.rebelliongate.xyz
Sending IP: 45.95.169.223
From: Customs Finance Department<noreply@dubaicustoms.ae>
Subject: Document Submission Notification - 28-06-2020
Attachment: 3246744-28-06.CAB (contains "3246744-28-06.exe")

MassLogger SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 9e5fa4ba917e4e478bbbd3f5c3b816e3ade490a5762254ce63d3f3629d88dd44 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
