MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a2ad007a5eea810965e4d2f188c7f483f16486757f58bbd1b26ad077d4329b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 1a2ad007a5eea810965e4d2f188c7f483f16486757f58bbd1b26ad077d4329b2
SHA3-384 hash: d2810256676191527bcd54876cb64393519173624b5f6296c790a67305c2734a756f590af7974d9e5faad90cc3302070
SHA1 hash: d56b07676ada903f17e53b053f455764508db3fd
MD5 hash: 0d6999f4c142774c1150b29a82afb0a5
humanhash: berlin-arkansas-montana-delta
File name: 0909000000000080.arj
Signature: MassLogger
File size: 895'897 bytes
First seen: 2020-06-18 16:04:04 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:cWQDS0n49vyMjOPCGS1VID7rbK/nz9Z/mYEVK7Ml:cWQDh49vyMjsCGSgHrbQnpwYCBl
TLSH: CA1533B018B3FC7585635FE5E864CC88F707B2EDD4314E956186ED222D0AC3EACE5869
Reporter: abuse_ch
Tags: arj MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: [185.234.219.109]
Sending IP: 185.234.219.109
From: fabio.materia@cranepi.com
Subject: extracto de factura 2020
Attachment: 0909000000000080.arj (contains "0909000000000080.exe")

MassLogger SMTP exfil server:
mail.ereglitso.org.tr:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Zmutzy
Status: Malicious
First seen: 2020-06-18 16:36:01 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 1a2ad007a5eea810965e4d2f188c7f483f16486757f58bbd1b26ad077d4329b2 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
