MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 143fc4f41e78ab2beed03ed99c7c819170e2a8a4e1a881956db01cd269aaa461. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 143fc4f41e78ab2beed03ed99c7c819170e2a8a4e1a881956db01cd269aaa461
SHA3-384 hash: 9d99b79c9889d2f7470c8d769a1e0d69f6b021e4e474283805937dc84d4e5e061ae71a5672c5d327bc7c3f0d36bbe510
SHA1 hash: e4f631bb46d5f8fdb5ff1acc4f3a075f8d718329
MD5 hash: f6c7f1d8f043a222ccf3db76854d9d71
humanhash: yellow-cold-seventeen-beryllium
File name:Payment Advice.7z.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:11'481 bytes
First seen:2020-12-02 12:42:55 UTC
Last seen:2020-12-10 07:52:49 UTC
File type: zip
MIME type:application/zip
ssdeep 192:k7tA2HtALu9+43pN62IMOhYTLHjs1z6+o8PdB5BIbYkjbpuh2ZW:k7thHtAiYwyz/hYTgE8FB5ebFbpu2ZW
TLSH DF32C040F657B50A95040CF1858741370E89673B1B236813D529BEE84BB97738CFB0B5
Reporter cocaman
Tags:MassLogger zip


Avatar
cocaman
Malicious email (T1566.001)
From: "HSBC <info@kansan.com>" (likely spoofed)
Received: "from mail.good-hills.co.jp (www18057ui.sakura.ne.jp [153.120.2.71]) "
Date: "02 Dec 2020 04:13:29 -0800"
Subject: "Payment Advice - Ref: HSBC99002992/17112020"
Attachment: "Payment Advice.7z.zip"

Intelligence

File Origin
# of uploads :
22
# of downloads :
200
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs812.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.ArtemisTrojan.10031.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.20774.ZipHeur.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/143fc4f41e78ab2beed03ed99c7c819170e2a8a4e1a881956db01cd269aaa461/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-12-02 12:43:04 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cq74j5a6pcvsx3wqh3mzy7ebsfyofkfe4guidflnwaone2nkurqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/143fc4f41e78ab2beed03ed99c7c819170e2a8a4e1a881956db01cd269aaa461

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 143fc4f41e78ab2beed03ed99c7c819170e2a8a4e1a881956db01cd269aaa461

(this sample)

MassLogger

Executable exe e39ed8bfee05ab6d964885748f4800bf955b47b59002213e34e5b9d331882b98

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e39ed8bfee05ab6d964885748f4800bf955b47b59002213e34e5b9d331882b98
  
Dropping
MassLogger
  
Dropping
MD5 361662a43b699d9ec3cdfd282ae7d223

Comments