MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 502ac43b5ca760c8f762fa0ab74c68ed7c3b264d35dd05810556b4b79a58c723. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 502ac43b5ca760c8f762fa0ab74c68ed7c3b264d35dd05810556b4b79a58c723
SHA3-384 hash: f2a5c5ceffd1c3ad9ddb770f8b618c2e93b471105da519b1db42da9e3ca18d6b170f1a316f1f4a9955075be2e7b03cc1
SHA1 hash: 47169a9f39551d198489c24bb1f8c58afbd2371a
MD5 hash: 014bd8cc756138938b10b98128c5268b
humanhash: summer-bulldog-equal-lamp
File name:scandocuments_pdf.7z
Download: download sample
Signature MassLogger
Create hunting rule
File size:431'945 bytes
First seen:2020-11-05 10:07:49 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:Sg6BDy3zA2G42B8pf5ppDtuf5l6ktWBToSZvr3:+B2j2BST0bQh
TLSH 039423D43A24BFA744A68B8A4382DD22EFD58D0170A5A7FD2C631AFC95750FA00CE1DD
Reporter abuse_ch
Tags:7z MassLogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: victim-domain
Sending IP: 45.137.22.74
From: info@victim-domain
Subject: URGENT
Attachment: scandocuments_pdf.7z (contains "scandocuments_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/502ac43b5ca760c8f762fa0ab74c68ed7c3b264d35dd05810556b4b79a58c723/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 04:10:18 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kavmio24u5qmr53c7iflotdi5v6dwjsngxoqlaifk22lpgsyy4rq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

7z 502ac43b5ca760c8f762fa0ab74c68ed7c3b264d35dd05810556b4b79a58c723

(this sample)

MassLogger

Executable exe 31a02cdd0d7e578a470fb434aafab1f8005da0dc356bce10f38c5e617b659ae3

  
Dropping
MD5 86d15b73cf9ea80263848169368ebed0
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 31a02cdd0d7e578a470fb434aafab1f8005da0dc356bce10f38c5e617b659ae3

Comments