MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f14f9d647c1ba1cb6ce66a1c0af0e196f6f7a6f99022c1f4e05f8831c35c3d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 1f14f9d647c1ba1cb6ce66a1c0af0e196f6f7a6f99022c1f4e05f8831c35c3d3
SHA3-384 hash: ac09f90b0057402e5dee6b3fc1cddce14db93bb89efa4f80c0f2d604a99f23f9666a9af61a2d1a4d41f90362ca71dae7
SHA1 hash: 9b1092b38f1b388b89cae28272510ba95d5e3799
MD5 hash: 898bf52907e36512c674890663e12568
humanhash: alpha-sink-rugby-arkansas
File name: Project Document A02057 NMB TYP PIP SPC 40000_REV_D Material Spec_scanned from a xerox printer002.im
Signature: MassLogger
File size: 1'638'400 bytes
First seen: 2020-10-16 12:40:13 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:W6D4duH6V8mKFrgSjVSHujopFLZK9kdpBban0JB:bYquZKFrIcSFLM+pJz
TLSH: 3E75BF62F2D18C77D16716F98C0B97DC7825BE102928694A3BE93D0C5F7E681342A2DF
Reporter: abuse_ch
Tags: im MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: server.huawej.com
Sending IP: 92.53.104.225
From: AZHAR OSMAN <hairulazhar_osman@gmail.com>
Subject: EPCC FOR FFD PHASE 4A FACILITIES, NMB (DAHLIA, TERATAI & KANGSAR) - SUPPLY
Attachment: Project Document A02057 NMB TYP PIP SPC 40000_REV_D Material Spec_scanned from a xerox printer002.im (contains "PROJECT_.EXE")

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-15 23:20:33 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img 1f14f9d647c1ba1cb6ce66a1c0af0e196f6f7a6f99022c1f4e05f8831c35c3d3 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
