MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79b0c9d309debac7384a0d5a95839b42be00d66aa0e545cf84060f3c0c8af22b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 79b0c9d309debac7384a0d5a95839b42be00d66aa0e545cf84060f3c0c8af22b
SHA3-384 hash: 1baf5695051412df3b7f1b6910b61f6ec7d61ba4eabc1c859ebd8743d591136967d46e94eb030038193e822f1102da4a
SHA1 hash: ca255b0496a7caa5ed405048987f10c5543c8fa7
MD5 hash: 8c847c72fe0cc8ebf7e0681cfc2c4773
humanhash: lima-vegan-sodium-video
File name:RFQ_PCPSPIRSZ2020022 - 1.gz
Download: download sample
Signature MassLogger
Create hunting rule
File size:827'382 bytes
First seen:2020-08-17 17:31:33 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:grrcwY2GfKJW7dG4b5kwxnGy+NtO5Obh5vrHDmI69G5C5OkC:grcD2GfOW7Ee5kwBjctLTH9ZmC
TLSH 330533BBEB1BC6A5FD9EF05BD55A0A3524B2D119C02F2814176AFC8421A5CDB313B2C7
Reporter abuse_ch
Tags:gz MassLogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: WIN-PKQOOSVL94S.home
Sending IP: 178.216.248.85
From: YULING WANG <M.toosi@simcatec.com>
Subject: RFQ_PCP/SPIR/SZ/2020/022
Attachment: RFQ_PCPSPIRSZ2020022 - 1.gz (contains "RFQ_PCPSPIRSZ2020022 - 1.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/79b0c9d309debac7384a0d5a95839b42be00d66aa0e545cf84060f3c0c8af22b/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 17:33:06 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pgymtuyj325moockbvnjla43ik7abvtkudsult4eayhtydek6ivq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.61
Link:
https://yomi.yoroi.company/submissions/79b0c9d309debac7384a0d5a95839b42be00d66aa0e545cf84060f3c0c8af22b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz 79b0c9d309debac7384a0d5a95839b42be00d66aa0e545cf84060f3c0c8af22b

(this sample)

MassLogger

Executable exe a551bc2327862c1430dac51dce368001622525fae235ca689f7b055e0d3125c7

  
Dropping
MD5 78b61b1e9b375628d02bf7d289b1aeab
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a551bc2327862c1430dac51dce368001622525fae235ca689f7b055e0d3125c7

Comments