MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 169e12b7649dbcd068ae831147a4a8d06d8467c85b8b0490a2bc54ad143347e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 169e12b7649dbcd068ae831147a4a8d06d8467c85b8b0490a2bc54ad143347e5
SHA3-384 hash: 787c88c3685fec6cb0074c5f72b4c9066abac32563f9579c34cc816e2ec9cffd064bae7b22f49bb199bb9ab57e52b3ba
SHA1 hash: 09607298a8d50b54f70496b813f76ba30d001f64
MD5 hash: 70720374447c5185364273ca2efd480b
humanhash: red-south-alanine-illinois
File name:purchase order.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:643'051 bytes
First seen:2020-07-13 06:26:46 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:mHZSauSCNf0zNMzAN4hEOVNKqARTLFCN87t4Y4Dvoq4Pre:HS+qezvEUyTLVuYkwq4ze
TLSH 0ED423FB21AF92F0A316BF7C27D0C914F502824828945DDEEB257BDBAC4B607488954F
Reporter abuse_ch
Tags:MassLogger zip


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: janasi.com
Sending IP: 185.144.28.112
From: Townsend<ajit@janasi.com>
Subject: purchase orderr
Attachment: purchase order.zip (contains "purchase order.exe")

MassLogger SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.20909.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/169e12b7649dbcd068ae831147a4a8d06d8467c85b8b0490a2bc54ad143347e5/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 06:28:08 UTC
AV detection:
36 of 47 (76.60%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c2pbfn3etw6na2foqmiupjfi2bwyiz6ilofqjefcxrkk2fbti7sq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 169e12b7649dbcd068ae831147a4a8d06d8467c85b8b0490a2bc54ad143347e5

(this sample)

MassLogger

Executable exe 420541ff7ab7f97d2110f9c2f2488087c0d2f9e577fa5e55c73eebf4f5416bbc

  
Dropping
MD5 3c55253fc699ca4f3aa7b5f39796e82c
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 420541ff7ab7f97d2110f9c2f2488087c0d2f9e577fa5e55c73eebf4f5416bbc

Comments