MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2454c082b6cde635244090817f332b6f6ae034fa316b7d5a34671ac41ad18f7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 2454c082b6cde635244090817f332b6f6ae034fa316b7d5a34671ac41ad18f7f
SHA3-384 hash: 4d89bdfc7b0ec6ee6f4bb2e4542f13b96295fb4a1320bcf131c05916d57cae215b8b4b7a271fc4f8600b52e09d04196e
SHA1 hash: a43b9e448cc4a909577ba8afa41b86e9e30fe1d2
MD5 hash: 977dc22e547f08b7e13fec404be22965
humanhash: nevada-louisiana-echo-queen
File name: Anfrage für ein Angebot.xz
Signature: MassLogger
File size: 1'008'048 bytes
First seen: 2020-10-08 12:26:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:AJuHSiKFEnf5IyGw4Bio0r4bJN4wEUGXnGXNFfDpItXqRUXPb1ZUq:rHSiKF0BtGw4BRy4bP4w5Ge3rpqyWDcq
TLSH: 0C25335355ADC326E40CB6D4F1D2E01F5E16109EDA2C8EBD8B10CD8E8E23991AD19DFB
Reporter: abuse_ch
Tags: DEU, geo, MassLogger, xz


abuse_ch
Malspam distributing unidentified malware:

HELO: bix0.catalog-shopper.com
Sending IP: 194.15.36.48
From: Gaurav Bothra <offices@catalog-shopper.com>
Reply-To: <avx.shelby@gmail.com>
Subject: Angebotsanfrage
Attachment: Anfrage für ein Angebot.xz (contains "Anfrage für ein Angebot.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Sudloader
Status: Malicious
First seen: 2020-10-08 11:48:31 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
MassLogger
zip 2454c082b6cde635244090817f332b6f6ae034fa316b7d5a34671ac41ad18f7f (this sample)

Delivery method: Distributed via e-mail attachment
