MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9258d2295790e426975b82410c873426cdce760ea363bbe4c3b3adbbcecd0798. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 9258d2295790e426975b82410c873426cdce760ea363bbe4c3b3adbbcecd0798
SHA3-384 hash: d70e81e54d59c1dcf1a379496bb456d568157f5be0a2a34fe85981d828b0cdd303a7b838ec72fa565a1a84ed222e610e
SHA1 hash: 471105c6d5d9ea176776a63290b8e5afeb2b8490
MD5 hash: 9d5f740b7d5809ea25730e64b4fa912d
humanhash: don-music-two-wyoming
File name: SOA SWIFT COPY_PDF_________________________________________.gz
Signature: MassLogger
File size: 1'660'557 bytes
First seen: 2020-09-16 09:52:05 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 24576:7ewJ9gLO8jEHWwZrQ8dKooBNYP11tJEx7KWACg/PkYwgayeA2vS7kEroMYMt28Mo:tJ9gw7ZPdNWNIJEx9A2gAKwErYjErJ5
TLSH: 927533C813757FAE6E0096A97933088EF41F7A6CCD1479BC5F2D04D9629E901153AF8B
Reporter: cocaman
Tags: gz, MassLogger, SWIFT


cocaman
Malicious email (T1566.001)
From: "sales admin<xasapi@auto-deal.gr>"
Received: "from auto-deal.gr (unknown [45.137.22.56]) "
Date: "16 Sep 2020 02:48:04 -0700"
Subject: "RE: Inward remittance"
Attachment: "SOA SWIFT COPY_PDF_________________________________________.gz"

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Agensla
Status: Malicious
First seen: 2020-09-16 09:54:07 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz 9258d2295790e426975b82410c873426cdce760ea363bbe4c3b3adbbcecd0798 (this sample)

Delivery method: Distributed via e-mail attachment
