MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 6441c31aeba714b924340c5a7f01daae9bfa57c7a0aeae2780c49efdb54ee9f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
MassLogger
Vendor detections: 2
| SHA256 hash: | 6441c31aeba714b924340c5a7f01daae9bfa57c7a0aeae2780c49efdb54ee9f6 |
|---|---|
| SHA3-384 hash: | f9460bfc707a03f6aa488d0072e188a62709788da1ad210522294c94cd7ece56ff85c79ee485a63ebb82501fd4edc564 |
| SHA1 hash: | 9a19c810d0b8db8dc5967dadcb776c6bf4a14a93 |
| MD5 hash: | adc498faafb1a738b551ab828f23093c |
| humanhash: | butter-four-lamp-seventeen |
| File name: | layer3.ps1 |
| Download: | download sample |
| Signature | MassLogger |
| File size: | 894'372 bytes |
| First seen: | 2020-10-06 11:21:06 UTC |
| Last seen: | Never |
| File type: |  ps1 |
| MIME type: | text/plain |
| ssdeep | 12288:c+w2hqCu9OQX6qQYpEram92veX5WqIBI/TfNUyJ8uM4:c+w2hqCu9OQX6qQ1ram9AeXPpNU1I |
| TLSH | FD159DD9E56F88C14C053AC55C6B17C74B2347729FBC0434272F7ACD8E939EA809ADA6 |
| Reporter |  Arkbird_SOLG |
| Tags: | Loader MassLogger powershell |
ArkbirdDevil
Layer 3 (powershell loader) used by the same Threat Actor that targets Italian companies since the two weeks.Intelligence
File Origin
# of uploads :
1
# of downloads :
234
Origin country :
n/a
Vendor Threat Intelligence
Threat name:
Script-PowerShell.Trojan.Ymacco
Status:
Malicious
First seen:
2020-10-06 11:23:05 UTC
File Type:
Text
AV detection:
11 of 29 (37.93%)
Threat level:
5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.