MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b37bd62a9afc7d543f7feeef367d16b938dcb46780d1ab7e26f13b749e3e2f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b37bd62a9afc7d543f7feeef367d16b938dcb46780d1ab7e26f13b749e3e2f7
SHA3-384 hash: 1ba8e6941cc211666c3763d1e928a47e8b29d46b653874bf727aaf274c5656aa5284815b58ced72d1c4ecedeb96b5bb5
SHA1 hash: 2f166fad9ccf81626def71e22b69eba5ea59d6ff
MD5 hash: ad49f380cae2e9d37fc98c7425c8acaa
humanhash: uniform-mike-football-music
File name:Delivery Note - AWD 200038485852- 234920300333.r00
Download: download sample
Signature MassLogger
Create hunting rule
File size:672'662 bytes
First seen:2020-10-27 13:00:01 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:ro/dzHbi3oi8NIc5i/jVGcE9uscFpRpaFmgth5oBd3Ssr8kwbm1+97heEw:rMz7koDNI2eVGR9us0p87E3Si8kwdel
TLSH 59E423A0BF7F9D2869AE7618703CE569DC620D73012FB33AA4D644B3B891095E764F41
Reporter abuse_ch
Tags:DHL MassLogger r00


Avatar
abuse_ch
Malspam distributing MassLogger:

From: "noreply@dhl.com" <marrimacy_dhl@gmail.com>
Subject: DHL Shipping Notification
Attachment: Delivery Note - AWD 200038485852- 234920300333.r00 (contains "Delivery Note - AWD 200038485852- 234920300333.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b37bd62a9afc7d543f7feeef367d16b938dcb46780d1ab7e26f13b749e3e2f7/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 09:28:06 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dm332yvjv7d5kq7x73xpgz6rnojy3s2gpagrvn7cn4j3ospd4l3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
MassLogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1b37bd62a9afc7d543f7feeef367d16b938dcb46780d1ab7e26f13b749e3e2f7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r00 1b37bd62a9afc7d543f7feeef367d16b938dcb46780d1ab7e26f13b749e3e2f7

(this sample)

MassLogger

Executable exe 982c1c1db5ea18b83cdeb2f91672d093ff3258154c88334ed09dd736cb84c2d8

  
Dropping
MD5 4182262018137289aafea7b30352b6dc
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 982c1c1db5ea18b83cdeb2f91672d093ff3258154c88334ed09dd736cb84c2d8

Comments