MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84b16561275c32c677e704e8fad8188bc020eb936e41fbab448a4ff333d83d84. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 84b16561275c32c677e704e8fad8188bc020eb936e41fbab448a4ff333d83d84
SHA3-384 hash: cae80d43d238d3c3843ec998f70c866b62fe54aa3c3c38ce11f08ec2affda55ccce4f0990f324db64f5e40ab38de5ad3
SHA1 hash: 541366b21c619d3d8f00192b2f31e51f50179281
MD5 hash: b921d78284be712b37e6c92609ec06e5
humanhash: sad-sodium-uniform-cardinal
File name: BANK SLIP.zip
Signature: MassLogger
File size: 632'290 bytes
First seen: 2020-08-11 14:13:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:S5yen5RKOlCI98PdNsUWSMjjwdFWGFTInQIqCHhYpnTPzgtqP3ZvuD4IWuIiw:DOmOgc8PkVEdFWGtCSCHutEtqP3MvIf
TLSH: 01D433372D44E312797A714C5B252ED28B63CEB30AEA4DFDAC79CC22039558834D79E2
Reporter: abuse_ch
Tags: MassLogger zip


abuse_ch
Malspam distributing unidentified malware:

HELO: server.linux108.papaki.gr
Sending IP: 185.138.43.36
From: Ian Walker <iwalker@multipowerproducts.com>
Reply-To: Ian Walker <iwalker@multipowerproducts.com>
Subject: RE:RECIBO DE TRANSFERENCIA BANCARIA
Attachment: BANK SLIP.zip (contains "BANK SLIP.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence

Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-11 14:15:08 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 84b16561275c32c677e704e8fad8188bc020eb936e41fbab448a4ff333d83d84 (this sample)

Delivery method: Distributed via e-mail attachment
