MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4af3341c8b9780cd4d5700b88eb826d4fffd167cb432871c6ab578d2e9a35156. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4af3341c8b9780cd4d5700b88eb826d4fffd167cb432871c6ab578d2e9a35156
SHA3-384 hash: 7111e6a78936066be74b7c160b8aca7e051078bd90edbd01562aa9f17bd4b8aecb61552382c897adb106343f85663234
SHA1 hash: 9d4a0e14b3d016debd9158d4f4e268db1cd4086c
MD5 hash: 2f68b0c83afaab38a7a785cc3acd18d9
humanhash: saturn-iowa-lake-east
File name:URGENT PURCHASE ORDER 3874.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:828'031 bytes
First seen:2020-08-18 06:26:22 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:BHi2CGkvsOVaarMbEYvNnokyxGe78TAknZzC1lYa0wt:7kvsOIa+veks7+AmC/7Xt
TLSH D10533C95DE4E7AC4A6329CFDCF0AD0981FC980DB05D48D2E267FEBB1095B4C16C6952
Reporter abuse_ch
Tags:MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: blinux.thesecurededicatedserver.com
Sending IP: 198.52.104.94
From: Gülşah BİRADERLER <Glah-BRADERLER@maxcael.com>
Reply-To: sales@maxcael.com
Subject: PURCHASE ORDER
Attachment: URGENT PURCHASE ORDER 3874.rar (contains "URGENT PURCHASE ORDER 3874.exe")

MassLogger SMTP exfil server:
mail.conshipping.ro:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4af3341c8b9780cd4d5700b88eb826d4fffd167cb432871c6ab578d2e9a35156/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 10:19:08 UTC
AV detection:
12 of 47 (25.53%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jlztihels6am2tkxac4i5obg2t772ft4wqziohdkwv4nf2ndkfla._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 4af3341c8b9780cd4d5700b88eb826d4fffd167cb432871c6ab578d2e9a35156

(this sample)

MassLogger

Executable exe 2793ca2b4f702f2ddfcaeb0ccde6700da8b215b9894cf72adbece6a4d57a8e67

  
Dropping
MD5 26210686060e03041c77b6987b079f6d
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2793ca2b4f702f2ddfcaeb0ccde6700da8b215b9894cf72adbece6a4d57a8e67

Comments