MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95a32b43bd6ce4735b44f9096419097dfb038bbba835a57a19ac91afb67ad310. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 95a32b43bd6ce4735b44f9096419097dfb038bbba835a57a19ac91afb67ad310
SHA3-384 hash: f96ee8f42f2c386f1e98c80ae2212869b7a298f251e796864ec1ef5aa0763284a59f89a142262c294aff06f05c5be54f
SHA1 hash: 7a146a7278fd86d496c0fec506b67b8b820cea81
MD5 hash: e7f79fc08e0e73a8f0559464eaa98c3e
humanhash: blue-undress-mike-mars
File name:RFQ-T2498-R2.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:676'821 bytes
First seen:2020-10-27 08:52:56 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Ho8bNAIs+30rC/vXopvU8JeDuVy3Kcs2YBLWSWZwhFKLf1wxC5D1:HVi+0rAHzuVXznLzWZs8twxq
TLSH 1BE4239C66F521F961D6E0C3912135DB11C4DACCE9BFF128E09A9CF6F0D12671A3A839
Reporter abuse_ch
Tags:MassLogger rar


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: worldwidecouriers.co.za
Sending IP: 156.96.44.160
From: Sali Al-Charif <sali@kevamed.com>
Subject: RE: Request for Quotation
Attachment: RFQ-T2498-R2.rar (contains "RFQ-T2498-R2.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/95a32b43bd6ce4735b44f9096419097dfb038bbba835a57a19ac91afb67ad310/
Threat name:
Win32.Trojan.NetWired
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 23:36:50 UTC
AV detection:
12 of 29 (41.38%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=swrswq55ntshgw2e7eewigijpx5qhc53va22k6qzvsi27nt22mia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 95a32b43bd6ce4735b44f9096419097dfb038bbba835a57a19ac91afb67ad310

(this sample)

MassLogger

Executable exe f333d03f0862ec4e468300222576f88dbecae09acd5bc6167d802a290c0d29e3

  
Dropping
MD5 9949a8a10c58f7bb1ace50e02d23b453
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f333d03f0862ec4e468300222576f88dbecae09acd5bc6167d802a290c0d29e3

Comments