MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4dd968fcdadbde8f3400a3c78ad8613a5c1f10f4fed3052427f819b8e176aa47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4dd968fcdadbde8f3400a3c78ad8613a5c1f10f4fed3052427f819b8e176aa47
SHA3-384 hash: e6129eb18f56a23c01e71b444f5ab9e206656c7ac2e61a60e1942a1e7760cb174e76cf24bb7f5e66f52fa01fd98c657d
SHA1 hash: 29f6261ac26986cb0c02ea44437beffd263350f3
MD5 hash: 20fd9243a731612bdbe148ac122ab716
humanhash: friend-happy-papa-alpha
File name:SCB09876.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'115'740 bytes
First seen:2020-11-06 07:35:25 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:SyDhtsbK8NPWsqS1CR1hPuaijVfPnmeoQ+6b:S+tsbKg5iB+Xnmeog
TLSH 5635331026E8A39ED5164D0FD777AC7468C3E11AA20FF712F58F10990B371939BBA1A7
Reporter abuse_ch
Tags:MassLogger rar Yahoo


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: sonic304-23.consmr.mail.gq1.yahoo.com
Sending IP: 98.137.68.204
From: Ali joy <joyali124@yahoo.com.sg>
Subject: FW: Payment Transfer
Attachment: SCB09876.rar (contains "pmdt2egRhRSrXC1.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4dd968fcdadbde8f3400a3c78ad8613a5c1f10f4fed3052427f819b8e176aa47/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-11-06 07:37:09 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jxmwr7g23ppi6naaupdyvwdbhjob6ehu73jqkjbh7am3rylwvjdq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 4dd968fcdadbde8f3400a3c78ad8613a5c1f10f4fed3052427f819b8e176aa47

(this sample)

MassLogger

Executable exe 09566b43ed2bfc7c75e430da0c041345cc4d91ec7fddb2a3f363d57aaab64437

  
Dropping
MD5 ea81ff558826b66dbf79da6135156898
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 09566b43ed2bfc7c75e430da0c041345cc4d91ec7fddb2a3f363d57aaab64437

Comments