MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13ff62dda5cd8740688d2d590b7be566b59a091e224ffd87b95d8a18a699c9e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 13ff62dda5cd8740688d2d590b7be566b59a091e224ffd87b95d8a18a699c9e2
SHA3-384 hash: baee8925e8e4773748aea1e81cc355fa7930982895a57cc34c797ad250cd760e0bf656d8f4fc4f30cef99c15cd0909f3
SHA1 hash: 8f54e0ff90e6be71b45fa66200ff0626215e17fe
MD5 hash: 6a54263c542af95042863d6ad4b585b0
humanhash: yankee-illinois-dakota-illinois
File name: Requirements.rar
Signature: MassLogger
File size: 816'335 bytes
First seen: 2020-06-17 06:10:00 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:TZQgt0/y7iH0cLgFO6rdO2dYbRk4LpAVbxMbsN9WAo0lqhGM6:dQUc0EePYbRNNow0lFM6
TLSH: 2D0533EBEAE808AFE775E38080965D0F4E6594CF613B6DA51DC1E67E119A82F140FD30
Reporter: abuse_ch
Tags: MassLogger rar


abuse_ch
Malspam distributing MassLogger:

HELO: [37.49.230.115]
Sending IP: 37.49.230.115
From: Vince Chen <vince@leader-associates.com>
Subject: RE: New Repeat Order
Attachment: Requirements.rar (contains "5dQ059XJaN0q3xQ.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-17 06:11:06 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 13ff62dda5cd8740688d2d590b7be566b59a091e224ffd87b95d8a18a699c9e2 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment

Comments