MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57ebfa63e2f897a264e68d4699d61d4060d229a5d05659c6fbff40773645f792. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 57ebfa63e2f897a264e68d4699d61d4060d229a5d05659c6fbff40773645f792
SHA3-384 hash: d7f13c3ac768f76f1aa9c3878f2b64d969f046bc4ffc5e9c5393011a2fbdfb8d344dc996d966bf4e8af1f99378c2a37f
SHA1 hash: f5737c3aea92082d0b14272b7ee58aff5c17b3d0
MD5 hash: 71dd40fe974f45d308bc6732e6bcdeb5
humanhash: artist-hawaii-coffee-charlie
File name:201900000025-CONSIGNMENT-DOCUMENTS-FOR-SHIPPING-GOODS-2020-12-12.7z
Download: download sample
Signature MassLogger
Create hunting rule
File size:807'914 bytes
First seen:2020-12-10 11:06:33 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:rVRNm3HOgqsHJoKnqwUdTw5lDmDHz5rttPXucUSCK9OvlsOOCJpZmM2we5EY5XWR:JR4zqZdc5lDm7l/9dSOk3qwe5EYNW/np
TLSH 790533B35E3B4CD973C9F62D7A9CCB2248068347C7AD2F997ABA5A346374290C071359
Reporter abuse_ch
Tags:7z MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: mail.glassdrive.pt
Sending IP: 176.74.179.25
From: Freja Valdemar <frejavaldemar547@hotmail.com>
Reply-To: Freja Valdemar <swatil-bom5.vsnl@outlook.com>
Subject: FORSENDELSESDOKUMENTER FOR FORSENDELSE (BL, PAKNINGSLISTE & HANDELSFAKTURA)
Attachment: 201900000025-CONSIGNMENT-DOCUMENTS-FOR-SHIPPING-GOODS-2020-12-12.7z (contains "201900000025-CONSIGNMENT-DOCUMENTS-FOR-SHIPPING-GOODS-2020-12-12..exe")

MassLogger SMTP exfil server:
mail.prestamil.com.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
200
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_Hideexe.5.UNOFFICIAL
Create hunting rule

Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/57ebfa63e2f897a264e68d4699d61d4060d229a5d05659c6fbff40773645f792/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-12-10 11:07:09 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=k7v7uy7c7cl2ezhgrvdjtvq5ibqneknf2blftrx375ahonsf66ja._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/57ebfa63e2f897a264e68d4699d61d4060d229a5d05659c6fbff40773645f792

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 57ebfa63e2f897a264e68d4699d61d4060d229a5d05659c6fbff40773645f792

(this sample)

MassLogger

Executable exe 1d5ef5eccb6e1598e4c3ccda198a61e58387ebba40398eb1d9262d1cab7dda06

  
Dropping
MD5 ce56eddc76881b7c37e4aa54c1d10e51
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1d5ef5eccb6e1598e4c3ccda198a61e58387ebba40398eb1d9262d1cab7dda06

Comments