MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 889f57e4c5200656ce7a7b9c60157870771a3567430dd3cbb6093200a07d8e80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 889f57e4c5200656ce7a7b9c60157870771a3567430dd3cbb6093200a07d8e80
SHA3-384 hash: 996d244516264d6a800880e35d5bb1c131a976c83871bd8189ca2cddc073662f0dbf74f436fcf34ffa81af1107949f50
SHA1 hash: f68886310d9b3cac6f87213ff901be6518fe3097
MD5 hash: 61e35c7da2cdd36919ba174eb0f85e11
humanhash: bakerloo-cup-jersey-hot
File name:ORDEN DE COMPRA-pdf.7z
Download: download sample
Signature MassLogger
Create hunting rule
File size:566'354 bytes
First seen:2020-08-12 15:29:10 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:EUX8t3gNtrEVIXUuELDuGmxRLb0h2xVTU+QUtpjnT:X8KNtvXUuEfmHxVTVQspjT
TLSH F3C423CA232E7D8FD585D22CEA5BB031B678E83BC80651C2577176A236B05745F8F187
Reporter abuse_ch
Tags:7z MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: linux1537.grserver.gr
Sending IP: 185.138.42.92
From: Reservas Abra Pas <abrapasreservas@cantur.com>
Reply-To: Reservas Abra Pas <baeutyslondon@yahoo.com>
Subject: NUEVO PEDIDO DE ENVÍO A VIETNAM
Attachment: ORDEN DE COMPRA-pdf.7z (contains "ORDEN DE COMPRA-pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/889f57e4c5200656ce7a7b9c60157870771a3567430dd3cbb6093200a07d8e80/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 15:31:05 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rcpvpzgfeadfntt2poogaflyob3runlhimg5hs5wbezabid5r2aa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/889f57e4c5200656ce7a7b9c60157870771a3567430dd3cbb6093200a07d8e80

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 889f57e4c5200656ce7a7b9c60157870771a3567430dd3cbb6093200a07d8e80

(this sample)

MassLogger

Executable exe e16f2a118c2150aaa6ac8c5587737557e6abc4ba57023a78644634eac9fbf696

  
Dropping
MD5 a7e8bdffb98b0c316a43db5c2f0cd2ab
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e16f2a118c2150aaa6ac8c5587737557e6abc4ba57023a78644634eac9fbf696

Comments