MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e5feb8d589b20d57797a262400ed154f7350cfd53c1f19e54d927e35af050b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e5feb8d589b20d57797a262400ed154f7350cfd53c1f19e54d927e35af050b9
SHA3-384 hash: 41e15d34b6eb1915b6b0c495e1a9762923fef442f9af888e258c18479aa5d83878e6a741ed0e8c065fedeba1db9bc54c
SHA1 hash: b15b7d2355f91c00d69721dde5b22f6a6795f2bd
MD5 hash: 255eea4ec972ce3f8e1440a02a4a100a
humanhash: carolina-venus-solar-artist
File name:Arne-Joern Lemke CV.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:770'759 bytes
First seen:2020-10-26 15:48:12 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:MPM3ylUKbWmtdEYHdOTpc9Yil3QGJJw+4Wd3mLcHi7JbuHCMLQitOww0OqReeQ/m:ME31E4Tpcz394qmLEilSVOw9nMQbF
TLSH 37F423E799D48BBAAF5AC8E67D3C18C30C1DF86CDAC95A4ED47A1F3301155E990B2813
Reporter abuse_ch
Tags:MassLogger zip


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: mail.ru
Sending IP: 156.96.118.35
From: Arne-Joern Lemke <Arnelemke12@mail.ru>
Subject: Accountant with Experience
Attachment: Arne-Joern Lemke CV.zip (contains "CHIBYKE08.exe")

MassLogger SMTP exfil server:
mail.hkoffice365.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.Wirenet.556.11710.6758.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2e5feb8d589b20d57797a262400ed154f7350cfd53c1f19e54d927e35af050b9/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 09:35:16 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fzp6xdkytmqnk54xujreadwrkt3tkdh5kpa7dhsu3et6gwxqkc4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 2e5feb8d589b20d57797a262400ed154f7350cfd53c1f19e54d927e35af050b9

(this sample)

MassLogger

Executable exe b234b123cd33ace5b6434059665f92851e0637017abf1d5d1e009660d1c2e9d9

  
Dropping
MD5 325b97f2759f0d56106b7767a07d24bd
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b234b123cd33ace5b6434059665f92851e0637017abf1d5d1e009660d1c2e9d9

Comments