MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ce77726474903d5cc85d565749c8dfc6af4ce014e94f2051b39a229a7cda5e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 5



SHA256 hash: 8ce77726474903d5cc85d565749c8dfc6af4ce014e94f2051b39a229a7cda5e2
SHA3-384 hash: c20605c5fe88d2ae6c47da762f236e3daa258ec2587c3a7f490b4b54fb8db9d3594a2bff06f220f5eca5466a2f675935
SHA1 hash: 10a94b07895076c6fc1fb0d41627f9251eb2c17f
MD5 hash: 34a0a6240ffd28e86212cf3be9b4d71c
humanhash: twelve-hydrogen-london-mars
File name: DOC11022012.UUE
Signature: MassLogger
File size: 782'791 bytes
First seen: 2021-02-11 07:55:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:FcqNELoN6NZzkmQil2HZmRT7ehFH9lfnqfv7bPtJ3rS2jccNDa8U3eXIX:usELE6HYuEmRT7cfqfv3/mGW8Up
TLSH: 44F4334CC24A5D85599B17AFDD35337EB423C5B6A9F2A1001EE2B57F7D9C263000A3AA
Reporter: abuse_ch
Tags: geo isbank MassLogger TUR uue


abuse_ch
Malspam distributing MassLogger:

HELO: hosted-by.rootlayer.net
Sending IP: 45.137.22.52
From: Türkiye Is Bankasi <ortakservismerkezi@isbank.com.tr>
Subject: Banka Bildirimi Tarih: 11/2/2021
Attachment: DOC11022012.UUE (contains "DOC11022012.exe")

MassLogger SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 118
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details:
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-02-11 08:27:32 UTC
AV detection: 4 of 46 (8.70%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 8ce77726474903d5cc85d565749c8dfc6af4ce014e94f2051b39a229a7cda5e2 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
