MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b7c9f0dcedcfc7e28204e228da8bfb05111a0621b097f4c57bea36074dfee01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	3b7c9f0dcedcfc7e28204e228da8bfb05111a0621b097f4c57bea36074dfee01
SHA3-384 hash:	80a447d6c2484d95c1781a2fd6859844ea42a5d1870481c69022e059124bb54bd436d913e1ddea86fd74c918b6939340
SHA1 hash:	5be88e43b6b3d8695e7883ea9b3471b8dfb875a4
MD5 hash:	5070df99d9ae4f1424f6b294e8671bb0
humanhash:	finch-foxtrot-oklahoma-jupiter
File name:	file.zip
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	849'525 bytes
First seen:	2020-06-08 06:21:55 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:ty8QctE7e1/ZCcIsnaztNtHM+Jnq6tBPBu:tYDeJn2tw2vBJu
TLSH	DE0533BDB25EAD9B8484E8FF527B38C5B9AB3E3153A35E4D13A67137C700221B44D452
Reporter	abuse_ch
Tags:	geo GRC MassLogger zip

abuse_ch

Malspam distributing MassLogger:

HELO: server.linux80.papaki.gr
Sending IP: 138.201.37.101
From: info@nestor.gr
Subject: Re: νέα παραγγελία,
Attachment: file.zip (contains "file.exe")

MassLogger C2:
http://bestemys.com/cgi/ddssf4-40wsdd5-c5ae87-d59224-bc555d-d2379d-26222db-3152322/upload.php