MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78234c1c306920c5cd4a7f936e5d7eb92d6d57fed182e3072122d119225a52eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 78234c1c306920c5cd4a7f936e5d7eb92d6d57fed182e3072122d119225a52eb
SHA3-384 hash: 749de616bbd7d66788f95738cc4041e78c4d9faa627eb87091f9598e5fc9b734c6776cb5c68445a8ca04af1b690abf20
SHA1 hash: 9738a6f2b34a538dc334f4edbf57001c94a49b8e
MD5 hash: 4d5340ec2ab5db4bccd6d9bd7f52c591
humanhash: quiet-november-hot-artist
File name: MAERSK 12532020.zip
Signature: MassLogger
File size: 933'187 bytes
First seen: 2020-10-08 05:40:35 UTC
Last seen: 2020-10-08 05:42:15 UTC
File type: zip
MIME type: application/zip
ssdeep: 24576:2G49SK+V5i9WWKwckYKUSsDLDWLBKOffvIY:UgVV5UWWKtKeiwY
TLSH: D21523922F7C88EB275184E2891B282265FBA0E7C1BBD1463664F050FF76D11A075D7F
Reporter: abuse_ch
Tags: Maersk MassLogger zip


abuse_ch
Malspam distributing MassLogger:

HELO: bashan.com.tr
Sending IP: 103.114.106.7
From: NURSAH-BASHAN <nursah@bashan.com.tr>
Subject: RE: new contract - Bushan 1000MT Contract No : 1253/2020
Attachment: MAERSK 12532020.zip (contains "MAERSK 12532019.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 102
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Masslogger
Status: Suspicious
First seen: 2020-10-08 05:42:07 UTC
File Type: Binary (Archive)
Extracted files: 10
AV detection: 34 of 48 (70.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 78234c1c306920c5cd4a7f936e5d7eb92d6d57fed182e3072122d119225a52eb (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment

Comments