MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5315833f08b411947e8156bc9d1a8406a5c8e2b182665c90847db6a9a98814a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 5315833f08b411947e8156bc9d1a8406a5c8e2b182665c90847db6a9a98814a9
SHA3-384 hash: 06d14b7569877bf47d3ebcef7ab0ab19c10ded34a5bc0ce5f7090dec87e0f2373f5a375261f279a0deefdcb6e908bd35
SHA1 hash: 9ac3b0c0524b017406c2de13291ee2746c18a7bd
MD5 hash: 97a19aee6f2f982abcebc19bb1871929
humanhash: seventeen-bacon-black-lion
File name: swift.rar
Signature: MassLogger
File size: 802'624 bytes
First seen: 2020-11-07 10:23:55 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:pQlk3q8TzJfo9hBMcLhS5Ro6UQdu98k8Ww3XwK:elETFfo9hBlHPAXd
TLSH: C2052370E8EE7D6A21821A83E0504F2765552B87424224CC5ADD7F8C34FE5CFAF8D796
Reporter: abuse_ch
Tags: GarantiBBVA geo MassLogger rar TUR


abuse_ch
Malspam distributing MassLogger:

HELO: mail.kordonweb.net
Sending IP: 92.42.37.134
From: Garanti BBVA <export@hayfirca.com>
Subject: Yurtdışına Giden Para Transferi (SWIFT)
Attachment: swift.rar (contains "WGEQFc9wg2hwJ2r.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2020-11-06 15:43:34 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 5315833f08b411947e8156bc9d1a8406a5c8e2b182665c90847db6a9a98814a9

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
