MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c0d8b06a7d7137825e38f43e21404cda81293a4b337690e45114bcfe5847b41. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c0d8b06a7d7137825e38f43e21404cda81293a4b337690e45114bcfe5847b41
SHA3-384 hash: c594657f12eb1220e5152c3cc65cc11b5a7d5df064c25f402c3120cf10645b5bfdc30549da76bddc31e0deca23f1b8da
SHA1 hash: b8fb27c2117aa9e1e8059426ae78acfc9c965bf0
MD5 hash: d2ea5832796382aa913db848378cb487
humanhash: nebraska-double-jupiter-minnesota
File name:MASSBILL.LZH
Download: download sample
Signature MassLogger
Create hunting rule
File size:767'525 bytes
First seen:2021-02-06 00:26:44 UTC
Last seen:2021-02-09 14:32:45 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:EqhghurJeyCkpaiA13Zi6DRRHSCXHGrKkfQpqEWSuJlEP8CR:IErEybdA1J/3HSC3GrKkSTF
TLSH 2BF423BC62610732D0CC7AFB51CB303BA48D6DD9B167E8D455338A6BCB249B9D24B12C
Reporter GovCERT_CH

Intelligence

File Origin
# of uploads :
6
# of downloads :
245
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject4.6999.22632.5255.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0c0d8b06a7d7137825e38f43e21404cda81293a4b337690e45114bcfe5847b41/
Threat name:
ByteCode-MSIL.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2021-02-05 04:44:21 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bqgywbvh24jxqjpdr5b6efaezwubfe5ewm3wsdsfcff47zmepnaq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0c0d8b06a7d7137825e38f43e21404cda81293a4b337690e45114bcfe5847b41

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 0c0d8b06a7d7137825e38f43e21404cda81293a4b337690e45114bcfe5847b41

(this sample)

MassLogger

Executable exe d25dcb3b16529c18136847b6e4b1ce35f63f29d28722a8030fb47eaaf11f5363

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d25dcb3b16529c18136847b6e4b1ce35f63f29d28722a8030fb47eaaf11f5363
  
Dropping
MD5 a7ea06e5e4b78c2a97afab0106bddebb

Comments