MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2732b21dd81ef941e466656fe2f9e424abdfcd4dc1bf9798014adc5916c47a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: a2732b21dd81ef941e466656fe2f9e424abdfcd4dc1bf9798014adc5916c47a4
SHA3-384 hash: 36756d8632fd2b241f52eed12ed16700ec770d603cf6dfd0d7c085a641f620b7c2a6c9dee996348b75383caf35ef431b
SHA1 hash: 458dbbf7659772b6d0869c405295d0d0875e9fcb
MD5 hash: 3fc463023102b74cf08dcc04af1b358e
humanhash: yankee-ink-neptune-twelve
File name: Proforma invoice.xz
Signature: MassLogger
File size: 881'491 bytes
First seen: 2020-08-06 05:05:46 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:QXy9y+4yQJKEAHwUC8Bgpsk1/iQSqY3esg9:p9y+bQxmwUC8OpsktiCY3Q
TLSH: F51533198DBB030EBA142B8138D9E3D01D9DA8ABDA75781EC551BCB00E3D785E8757BC
Reporter: abuse_ch
Tags: MailChannels MassLogger xz


abuse_ch
Malspam distributing MassLogger:

HELO: dog.birch.relay.mailchannels.net
Sending IP: 23.83.209.48
From: market@newamstar.com
Subject: PROFORMA INVOICE
Attachment: Proforma invoice.xz (contains "Proforma invoice.exe")

MassLogger SMTP exfil server:
mail.sbrenind.com:26

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-06 05:07:05 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip a2732b21dd81ef941e466656fe2f9e424abdfcd4dc1bf9798014adc5916c47a4 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
