MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24cdda1c615a7310ae7a870f5c890b56a686f7378585a071ff700be9edb770f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 24cdda1c615a7310ae7a870f5c890b56a686f7378585a071ff700be9edb770f6
SHA3-384 hash: 51e33520b36326c6919b4ad317b78aad6745abc7a0c86b6fda57e2e95b8ff3d9cdbe1ceb3c0cd92d270e697d1433117e
SHA1 hash: 4b3f14c32a0dbfc4070973f7ecf83739ae79cf64
MD5 hash: 84e10aa23786676fe6012535bb3dff5e
humanhash: lemon-steak-delaware-pluto
File name: SWIFT-COPYX30000.lzh
Signature: MassLogger
File size: 586'764 bytes
First seen: 2020-10-27 13:00:08 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:4HA3P2q9ULJW0o/muDPDnMVYYbtMmsfkJaau2wmWa6:qGHEJ4/vJc0uWa6
TLSH: 7EC423CABE136CD977E540A832EDF469265B8A10C6AF0453C9D4C3247BA8FBCC62DD15
Reporter: abuse_ch
Tags: lzh MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: smtp.brenntag.nl
Sending IP: 37.74.78.5
From: Theo Rutten <Theo.Rutten@brenntag.nl>
Subject: Swift copy- Payment advice
Attachment: SWIFT-COPYX30000.lzh (contains "SWIFT-COPYX30000.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.AveMaria
Status: Malicious
First seen: 2020-10-27 09:16:51 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 24cdda1c615a7310ae7a870f5c890b56a686f7378585a071ff700be9edb770f6 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
