MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1727a14db0f2a3ad3faf81d46529a2248bb849173931038e2039e196b144c982. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1727a14db0f2a3ad3faf81d46529a2248bb849173931038e2039e196b144c982
SHA3-384 hash: 8107cec703a39675bdb6137ac51ab77759e015c03f67d08c1dd8942d1f59a3ed8683112af2bf4e46057229a86e762461
SHA1 hash: 7a3d75e0d94c2ca752d3ff80f71c24a5892e34c3
MD5 hash: 1143b1d007139af267305dbdbe132e3b
humanhash: mockingbird-avocado-uranus-spaghetti
File name:Swift Copy_G3181992.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:769'263 bytes
First seen:2020-11-07 10:22:01 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:NQ/Dnj/ndoZ5r2UVZwhvyV5vxmdrDLvQEnPDngaiKT+vKGVyto7YM0b056i:8X2n6cOhvyLvxGMcbgGT6KGUa8bvi
TLSH A1F423ED6975D777CCF42674C3338E38EB1DB2AB1E17006A691231DBAB3A8A50D67500
Reporter abuse_ch
Tags:MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: srv.kibriswebhizmetleri.com
Sending IP: 213.159.5.124
From: Alzamora Moretti <moretti.alzamora@quinorsrl.com>
Subject: RE: Payment Advice - 13072020 - Ref -5674832939
Attachment: Swift Copy_G3181992.rar (contains "Swift Copy_G3181992.exe")

MassLogger SMTP exfil server:
mail.sivaafi.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1727a14db0f2a3ad3faf81d46529a2248bb849173931038e2039e196b144c982/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-11-06 17:34:24 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c4t2ctnq6kr22p5pqhkgkkncesf3qsixheyqhdrahhqznmkezgba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 1727a14db0f2a3ad3faf81d46529a2248bb849173931038e2039e196b144c982

(this sample)

MassLogger

Executable exe 586eadfc1fef3d64e165d65502aa2e27ef8a4ab4079ac1e4d96d4f65e0126a6f

  
Dropping
MD5 aa0395392af872a102639c8b0197b97a
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 586eadfc1fef3d64e165d65502aa2e27ef8a4ab4079ac1e4d96d4f65e0126a6f

Comments