MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a197b6d552d591e6f885873a6047214956e3f0af7e5f51c4d5d9419c04e2390. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 5a197b6d552d591e6f885873a6047214956e3f0af7e5f51c4d5d9419c04e2390
SHA3-384 hash: 2e28040d892a21c331a27ab4d7c77432171cf54af3afd036d533b5e2d073ce495a1f90cf33e04d3767b2150caef26051
SHA1 hash: 35b362e1dcdefca07650726328b32793d077ba5d
MD5 hash: 3eae25c323064ef882312be045b4e148
humanhash: jig-arizona-double-nuts
File name: RFQ_200827073--MH202514---01-90160-R0-A1Jay inc.pdf.z
Signature: MassLogger
File size: 504'331 bytes
First seen: 2020-08-31 12:22:58 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:O35SOr+lwf4c3Om1LVSDh+tdhf4DfBFIWXQk2xDtnee8/a8:OJSO9JDO8nmFLQDFRP8
TLSH: 65B423FDC16B6C3F2C7D4AD5A81F26BC4B1C1565379F829226A1F7B4E1C900C4EAE621
Reporter: abuse_ch
Tags: MassLogger z


abuse_ch
Malspam distributing unidentified malware:

HELO: williamsrecognition.com
Sending IP: 31.168.40.90
From: Judy .M <judy.m@williamsrecognition.com>
Subject: NEED RUSH QUOTE
Attachment: RFQ_200827073--MH202514---01-90160-R0-A1Jay inc.pdf.z (contains "RFQ_200827073--(MH202514)---01-90160-R0-(A1Jay inc).pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-31 04:37:54 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 5a197b6d552d591e6f885873a6047214956e3f0af7e5f51c4d5d9419c04e2390 (this sample)

Delivery method: Distributed via e-mail attachment
