MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f61786d9a8bde45176d12a9d16a99c7d8e62dddd5138faa0ec38d6810bbb3269. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: f61786d9a8bde45176d12a9d16a99c7d8e62dddd5138faa0ec38d6810bbb3269
SHA3-384 hash: 7388fbbe1eb9954c3671e08527e82225068c4e1afb93f919f718c0f06b4ec453e37fe7373b6749c8a16d3a8288f78e03
SHA1 hash: 381018c0b8c4f21fcb474585b46be950f45bf3d6
MD5 hash: c82f5a04ae02b1768d5e6278856bbb62
humanhash: california-foxtrot-three-item
File name: QUOTE PRICES IN USD.zip
Signature: MassLogger
File size: 869'325 bytes
First seen: 2020-08-11 11:51:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:AHpDOYn4oYWCCe2OvfqpWzpIqGoPuL/E6:EdbCCnaCWzpIPhP
TLSH: B10533EA29F973473FDF8B4E041B32C75F069BA0B08156CA5DE6A4D3534BCF499588A0
Reporter: abuse_ch
Tags: MassLogger, zip


abuse_ch
Malspam distributing unidentified malware:

HELO: mailsnd1.chol.com
Sending IP: 203.252.1.122
From: dwmetal <dwmetal@chol.com>
Subject: RE:RE
Attachment: QUOTE PRICES IN USD.zip (contains "QUOTE PRICES IN USD.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-08-11 11:53:11 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip f61786d9a8bde45176d12a9d16a99c7d8e62dddd5138faa0ec38d6810bbb3269 (this sample)

Delivery method: Distributed via e-mail attachment

Comments