MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06602b2ac3758c447ecfd08cc6796b6d00ce48318898251f340a8a7bb6c2fc13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 9



SHA256 hash: 06602b2ac3758c447ecfd08cc6796b6d00ce48318898251f340a8a7bb6c2fc13
SHA3-384 hash: be64de6e62e8c02aa6fde50140fefc900504db3f6e459b65e17d0989b209109ed5bb054fa98d18f03480d35a8a1871b1
SHA1 hash: 70841158faaad0d744e995a4b9f90a61abccb15d
MD5 hash: 8c061b51be84c9a9bc48e6fa52a36143
humanhash: bluebird-glucose-nitrogen-glucose
File name: Bper Banca_Copia del Pagamento.pdf.tar
Signature: MassLogger
File size: 432'640 bytes
First seen: 2025-09-24 11:50:23 UTC
Last seen: Never
File type: tar
MIME type: application/x-tar
ssdeep: 12288:1JqmJRKjWu8uKE+vKx188sPBGKZAxvx8on:/qmJYjWu8ZvmOP0XfD
TLSH: T11A94E1725DC4A9DBCA1EFF39C1A7664E2293DDBE387021CD36632ED89B6F001951B901
TrID: 62.9% (.TAR/GTAR) TAR - Tape ARchive (GNU) (17/3)
      37.0% (.TAR) TAR - Tape ARchive (file) (10/3)
Magika: tar
Reporter: JAMESWT_WT
Tags: BPERBanca MassLogger Spam-ITA tar Telegram

Intelligence


File Origin

# of uploads: 1
# of downloads: 414
Origin country: IT
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: Bper Banca_Copia del Pagamento.pdf.bat
File size: 430'630 bytes
SHA256 hash: ced40caee716f956a4db4d96f10daa8b80f6c30371f2490129b6cf212dcfd223
MD5 hash: ff6680d713370bfafd4ceca29ffd9854
MIME type: text/plain
Signature: MassLogger
Vendor Threat Intelligence

Verdict: Malicious
Score: 99.9%
Tags: obfuscated xtreme shell

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: base64 batch evasive masquerade obfuscated powershell

Verdict: Malicious
File Type: tar
First seen: 2025-03-21T07:19:00Z UTC
Last seen: 2025-03-21T07:19:00Z UTC
Hits: ~1000

Verdict: inconclusive
YARA: 2 match(es)
Tags: Tar Archive

Threat name: Win32.Trojan.Leonem
Status: Malicious
First seen: 2025-09-11 04:35:27 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 10 of 24 (41.67%)
Threat level: 5/5

Result
Malware family: masslogger
Score: 10/10
Tags: family:donutloader family:masslogger collection discovery execution loader spyware stealer
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Accesses Microsoft Outlook profiles
Command and Scripting Interpreter: PowerShell
Looks up external IP address via web service
Detects DonutLoader
DonutLoader
Donutloader family
MassLogger
Masslogger family
Malware Config
C2 Extraction: https://api.telegram.org/bot7683578727:AAGHv8F-LWikLvCw3KuFjIg0jf8AdOWe7aI/sendMessage?chat_id=1149967757
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments