MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04a2cc2016d24c4e1f3645a6dd285449c78185f192781b59c7f23696bd5dc7e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04a2cc2016d24c4e1f3645a6dd285449c78185f192781b59c7f23696bd5dc7e7
SHA3-384 hash: 9d41073c42e279836a912540c41f756efcd7cbe0c17eb2aa0318855b9ce4683f9a32fce44ac384228452170eb81cbd2f
SHA1 hash: 812862c0fc191e2c209c79117c948c1a5a2cdc45
MD5 hash: 979c0ac57d6319ca30ea26ce6424fe1d
humanhash: mirror-carpet-nevada-golf
File name:NEFTSBIN220227540696.gz
Download: download sample
Signature MassLogger
Create hunting rule
File size:859'731 bytes
First seen:2020-08-17 19:03:30 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 24576:wA5D5rO4h4RFvMqNOnTlx8++4PAIgW5U9tbvLos:wC51h4RFNNOnTlx8w4Igftb9
TLSH 840533E502772937F4CD904296BE87FE9BA1145007267F968423E634F1DA2E04FDAE8D
Reporter abuse_ch
Tags:gz MassLogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: indusind.com
Sending IP: 185.222.57.136
From: IndusInd Bank <IndusInd_Bank@indusind.com>
Subject: IndusInd Bank Transaction Alert
Attachment: NEFTSBIN220227540696.gz (contains "NEFTSBIN220227540696.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BScope.Trojan.Crypt.5088.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/04a2cc2016d24c4e1f3645a6dd285449c78185f192781b59c7f23696bd5dc7e7/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 19:05:06 UTC
AV detection:
21 of 27 (77.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=asrmyiaw2jge4hzwiwtn2kcujhdydbprsj4bwwoh6i3jnpk5y7tq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/04a2cc2016d24c4e1f3645a6dd285449c78185f192781b59c7f23696bd5dc7e7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz 04a2cc2016d24c4e1f3645a6dd285449c78185f192781b59c7f23696bd5dc7e7

(this sample)

MassLogger

Executable exe 84742df4cd63ab373d601a9f4900b1b55f41ea5f48d93eaebb68b9fd4bf8235a

  
Dropping
MD5 d0b1268b6d2c57344550cb717497256d
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 84742df4cd63ab373d601a9f4900b1b55f41ea5f48d93eaebb68b9fd4bf8235a

Comments