MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9673a992ff71b39000e64d9d56f4c0b27c85339edb5de88ad17f77d9b8e154a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 9673a992ff71b39000e64d9d56f4c0b27c85339edb5de88ad17f77d9b8e154a8
SHA3-384 hash: d96c5940b4542b4ad412bc454451b9bed6b49a7f46ded17e20dee2639edc3174cea616063f450939cc7ddc4a72b6bbd4
SHA1 hash: 5d4a978d126f72c1fe2c6b8a1c6ff6eb5779a4d7
MD5 hash: 374ae8f79ee978fbf1d4649e6126c856
humanhash: kitten-undress-pizza-orange
File name: PAYMENT - COPY .rar
Signature: MassLogger
File size: 945'620 bytes
First seen: 2020-10-23 06:54:38 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:gR49sqz5JVwGlJMYfYev4Lbee703ikkNkeKKHhoa0jzW:9tz5Ji4ewY1LbeeokOeKCOa0e
TLSH: 451533388368A8DBE595F8AB5DEFE1F4CD414F5D1B3244A108C6AC77D98ACA287C4533
Reporter: abuse_ch
Tags: MassLogger rar Yahoo


abuse_ch
Malspam distributing MassLogger:

HELO: sonic309-21.consmr.mail.sg3.yahoo.com
Sending IP: 106.10.244.84
From: Angolan Semba <s.angolan@yahoo.com.sg>
Subject: : Fwd: Wire Transfer Payment
Attachment: PAYMENT - COPY .rar (contains "MvZy9A27CiSqZpp.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Agensla
Status: Malicious
First seen: 2020-10-23 05:16:39 UTC
AV detection: 10 of 29 (34.48%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 9673a992ff71b39000e64d9d56f4c0b27c85339edb5de88ad17f77d9b8e154a8

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
