MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4cbbd606d860fe7966fcc4b13825a9500b1cd3910797d479e0dc9ab6eebcb4f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger
Vendor detections: 3



SHA256 hash: 4cbbd606d860fe7966fcc4b13825a9500b1cd3910797d479e0dc9ab6eebcb4f4
SHA3-384 hash: 01941aa4f6d1d7bdc0b7c50601ee84caf59fe82e88460f68adef1de0b18d9574a26443ee76207e4515bddcdc32a432fd
SHA1 hash: 14920aeb0fde41db2c23151884053a556c81c420
MD5 hash: 6995ca4d9d49d5da96290bf4c16c068e
humanhash: blue-asparagus-item-alanine
File name: FV00620224400 009384766589.r15
Signature: MassLogger
File size: 1'004'675 bytes
First seen: 2020-10-09 15:44:59 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:qyF6LkVxU0xqhk8S1e+uV/3IKOHk5s6YgI57ANNb+Bzlw:+Qf54SLE/sky1gw7WU+
TLSH: 5F2533E4C6CE7ABF5F64B0D4A59F341E561A208416FF3ADA82BB39C5F4C27828B17401
Reporter: abuse_ch
Tags: MassLogger r15


abuse_ch
Malspam distributing MassLogger:

HELO: e347122.name-servers.gr
Sending IP: 195.201.120.33
From: 720341@telkom.co.id
Subject: salinan pembayaran
Attachment: FV00620224400 009384766589.r15 (contains "FV00620224400 009384766589.exe")

MassLogger FTP exfil server:
ftp.persisiciptautama.com:21

Intelligence

File Origin
# of uploads: 1
# of downloads: 123
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-09 11:57:56 UTC
AV detection: 3 of 48 (6.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: MassLogger
  rar 4cbbd606d860fe7966fcc4b13825a9500b1cd3910797d479e0dc9ab6eebcb4f4 (this sample)
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
