MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d3a7009eef3966809949b166644b47811fee4104669c6801f25c497fc786651. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4d3a7009eef3966809949b166644b47811fee4104669c6801f25c497fc786651
SHA3-384 hash: a9b6b908f13de181204036f7419fb279aa0cde49d81678ea6968ec564a4f41f86a73445f544d58db6dee2acaee750f91
SHA1 hash: 3b1520aa6b45d83a02cb0e054815c7bcd8124172
MD5 hash: 7eb73a2a97f82be764a515e7c01a97a6
humanhash: victor-zebra-king-ten
File name:Account 1..pdf.z
Download: download sample
Signature MassLogger
Create hunting rule
File size:177'010 bytes
First seen:2021-02-01 14:58:16 UTC
Last seen:2021-02-09 15:35:43 UTC
File type: zip
MIME type:application/zip
ssdeep 3072:Vm7y5q5i2kWlt0Gia/tVOQdSh8A/kMgNRfrHQl72e5b4of3CPDBAy+jIl2JWgZcw:VZqplyGjrs8ADgNNrC6Y4of34DBAfjIm
TLSH 2204232E62B29F4B3DD88634D098B93A1FD9A78712752D13CB03D42135992CB5A770FB
Reporter GovCERT_CH

Intelligence

File Origin
# of uploads :
12
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4d3a7009eef3966809949b166644b47811fee4104669c6801f25c497fc786651/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-30 12:54:51 UTC
AV detection:
11 of 44 (25.00%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ju5hacpo6olgqcmutmlgmrfupai75zaqizu4naa7excjp7dymziq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/4d3a7009eef3966809949b166644b47811fee4104669c6801f25c497fc786651

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 4d3a7009eef3966809949b166644b47811fee4104669c6801f25c497fc786651

(this sample)

MassLogger

Executable exe 4261bcf1395fcd6fd3bfa28d5427d88ea43e186c5497d8a98d195a599dd197e9

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4261bcf1395fcd6fd3bfa28d5427d88ea43e186c5497d8a98d195a599dd197e9
  
Dropping
MD5 360c6dadd9c386a6ebeeb905f6cc59eb

Comments