MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e3036343c95976bda5a7dc9f4553f24bc1253cdc49afa1b33d1ab655305f125. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e3036343c95976bda5a7dc9f4553f24bc1253cdc49afa1b33d1ab655305f125
SHA3-384 hash: e302be85f597eea61e546d3b0cabf8a8d0fd75b78fed5dbb40900f90516c61585e5672d56c82598ba9e89dca3296cadb
SHA1 hash: 68f19ebdf92a6b43939fd1c6a5bcbab7f3e2cbcb
MD5 hash: 99fd4c3b0514ac7e5a705c46cd456c0e
humanhash: happy-missouri-mobile-pennsylvania
File name:notificación de confirmación de pago de la factura 99765009.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:981'192 bytes
First seen:2020-08-10 13:11:18 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:Vv9ZP0pIO/S9BwyzkBP61/WfRrn2+GUPwQIdWWIn0WbEESMuF:pT07/oaPOWfNI6wTYn0qIbF
TLSH 062533465B9E7275A9F36ADE1848A8406D5BFA8BF34F0F4B785540E4BB9C10CDCC860B
Reporter abuse_ch
Tags:ESP geo MassLogger zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: constantsia.com
Sending IP: 185.4.134.22
From: Lucas H. Kimiaamin <kimiaamin1999@gmail.com>
Subject: notificación de confirmación de pago de la factura 99765009
Attachment: notificación de confirmación de pago de la factura 99765009.zip (contains "notificación de confirmación de pago de la factura 99765009.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.0295a8c33ff9468a.2173.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3e3036343c95976bda5a7dc9f4553f24bc1253cdc49afa1b33d1ab655305f125/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-10 13:13:05 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hyydmnb4swlwxws2pxe7ivj7es6beu6nysnpugzt2gvwkuyf6esq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.75
Link:
https://yomi.yoroi.company/submissions/3e3036343c95976bda5a7dc9f4553f24bc1253cdc49afa1b33d1ab655305f125

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 3e3036343c95976bda5a7dc9f4553f24bc1253cdc49afa1b33d1ab655305f125

(this sample)

MassLogger

Executable exe 62d9b3d45df47e2bb1c64913382a31a7a15989123b363593ca144a9113082408

  
Dropping
MD5 0295a8c33ff9468a54e989aff9561126
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 62d9b3d45df47e2bb1c64913382a31a7a15989123b363593ca144a9113082408

Comments