MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b84e88b678f4f9984de9c8265b07e7dfdf1fce4d670df6444c9108ca11e74b47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	b84e88b678f4f9984de9c8265b07e7dfdf1fce4d670df6444c9108ca11e74b47
SHA3-384 hash:	926ca197cd9109cecc8ad50a56698f919d3f2e5cf4d0ca31d22e23ac881b13f1d3897bb7caefd076143aaf3ed1435994
SHA1 hash:	afbd85d59302f6d7df4ebf7ab66aeb86db8cf289
MD5 hash:	d0872e890cef3c7638b2352ed6c456a6
humanhash:	charlie-cup-nine-uncle
File name:	List of new order.zip
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	905'498 bytes
First seen:	2020-06-10 11:40:29 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:mhRsJth6jQ27vCwzeBQg/RV25VM+A96Z8j3nqVyAX+D:LMQEvCqkf87XSjXqZ6
TLSH	3315336245B93021CD3F350576D4B2F2DDA32E50670CA322FF6CFE958F915240AA9B3A
Reporter	abuse_ch
Tags:	geo MassLogger TUR zip

abuse_ch

Malspam distributing MassLogger:

HELO: pl1.azuni.net
Sending IP: 37.26.26.70
From: info@tsmglobal.com.tr
Subject: Re: Yeni sipariş,
Attachment: List of new order.zip (contains "Order.exe")

MassLogger C2:
http://bestemys.com/cgi/ddssf4-40wsdd5-c5ae87-d59224-bc555d-d2379d-26222db-3152322/upload.php