MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d59bacff9eb524fa0215086e636425fc10d3facb05c12ca79c7cc1af7a25c2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d59bacff9eb524fa0215086e636425fc10d3facb05c12ca79c7cc1af7a25c2b
SHA3-384 hash: 12a2046e8ee1d1e48086311e05315bfec8635579699ac4b8fa71a216250eaeeb8ae6bd1d4ac60f9e5119db1ac19d2820
SHA1 hash: e3e579de672ebc078c02b1f687b4d621993e58cf
MD5 hash: e997b6af9a2d8d68f965b9c9ea5a2a8e
humanhash: autumn-nevada-johnny-florida
File name:08009022.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:19'630 bytes
First seen:2022-08-16 10:04:26 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 384:Yt+qepQAGqVdtxp+WJt1oo0dSf5UeiTUNGyVx9KnfrY/9JZr/:fqePjLpvJt1oJdSf+5YN79IjY/jZr/
TLSH T1C292E0A00B17D718F5381948202ECF9F25E9CCAC4D9681B323A57FC79FB655224534AF
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:MassLogger payment zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Account <jer.lan@musicpda.com>" (likely spoofed)
Received: "from zlefcfua.musicpda.com (zlefcfua.musicpda.com [185.246.220.235]) "
Date: "9 Aug 2022 04:16:54 -0700"
Subject: "Fwd: Payment Receipt"
Attachment: "08009022.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
154
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_exenum416.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62fb6c177a5eee50480f9623/reports/6dd3e8c0-0b7f-4ae5-b0ff-9cf4060e4a7e/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/2d59bacff9eb524fa0215086e636425fc10d3facb05c12ca79c7cc1af7a25c2b
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2d59bacff9eb524fa0215086e636425fc10d3facb05c12ca79c7cc1af7a25c2b/
Threat name:
Win32.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2022-08-09 13:34:02 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fvm3vt7z5nje7ibbkcdomnscl7aq2p5mwbobfstzy7gbv55clqvq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220816-l4hpasadh2/
Behaviour
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/2d59bacff9eb524fa0215086e636425fc10d3facb05c12ca79c7cc1af7a25c2b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 2d59bacff9eb524fa0215086e636425fc10d3facb05c12ca79c7cc1af7a25c2b

(this sample)

MassLogger

Executable exe f127b3ccc3495b723d23829d0bf947e4108c9332fb13fdd00d0e82ff41a8eb73

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f127b3ccc3495b723d23829d0bf947e4108c9332fb13fdd00d0e82ff41a8eb73
  
Dropping
MD5 bbd02110fd8e38f9768c911324634c60

Comments