MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 054e035a21ebf7a7388516eac40f6d6c484db3e33ef41cbfc9e75fb71204daf0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 054e035a21ebf7a7388516eac40f6d6c484db3e33ef41cbfc9e75fb71204daf0
SHA3-384 hash: cf7b8fcce038569ba7c9dbf94cd0a44ab3d15bb15d97c672aa96db9b789b8575a8b7ed950a6f715e8c19da4d2499cb59
SHA1 hash: f92dc79ac2d0c546dd9d9a590727559296babc15
MD5 hash: 9a7b537d38f8123a1c8d428191ab725c
humanhash: mexico-minnesota-eighteen-wyoming
File name:New Order Inquiry.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'083'698 bytes
First seen:2020-11-05 10:08:39 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:VQIpNkPTFQOzyNzOd5iHsgBfywwhmWRa0WThqVZcqyztbKbne:tpN2lzyNzOXEsqKwwwWcNFqVZje
TLSH AC35337F5B76BBBB3DE679941619E943321C171A2D0265F1D3082D88A5BCDD3AF0A08C
Reporter abuse_ch
Tags:MassLogger zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ect.ecttelecom.com
Sending IP: 192.232.226.101
From: info <Luigi.Papalini@entrematic.com>
Subject: New Order Inquiry...
Attachment: New Order Inquiry.zip (contains "New Order Inquiry.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.22623.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/054e035a21ebf7a7388516eac40f6d6c484db3e33ef41cbfc9e75fb71204daf0/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 00:36:24 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=avhagwrb5p32ooefc3vmid3nnree3m7dh32bzp6j45p3oeqe3lya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 054e035a21ebf7a7388516eac40f6d6c484db3e33ef41cbfc9e75fb71204daf0

(this sample)

MassLogger

Executable exe d5e739d5b929d725d105c7f3f86cc7fb6466a909d44dabfcec4cece348f985c4

  
Dropping
MD5 3b92ff1ab503baadf0ff939287f7ab2c
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d5e739d5b929d725d105c7f3f86cc7fb6466a909d44dabfcec4cece348f985c4

Comments