MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 986086d0ceabd397222e9db2b5e39d5bf71a44b2182769bf5fa8170f03c71bf9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: 986086d0ceabd397222e9db2b5e39d5bf71a44b2182769bf5fa8170f03c71bf9
SHA3-384 hash: b492c555b7a4b272ef05c7ae9f3a016518c733c8ee1fe3da461e049e0c011bceadd83abcf707cd151f04753ace5a96f7
SHA1 hash: 407e5a9b166fae5d5121b6682d0a8968e49d896c
MD5 hash: 259bb61e67c5458655a47ca2c1cae68b
humanhash: mobile-princess-west-sixteen
File name: Samples and Specification.zip
Signature: MassLogger
File size: 954'403 bytes
First seen: 2020-07-20 09:25:56 UTC
Last seen: 2020-07-20 09:26:32 UTC
File type: zip
MIME type: application/zip
ssdeep: 24576:nM7Ll6n3v4U44ymJZUZCBYMnN7d4c/+y1cGV310DoLy:nMl63v40TBDWyaGV3iCy
TLSH: B01533CC79469B149864B7CEA77FD9C3E5BF9813F920B97BE67049B70B007135928882
Reporter: abuse_ch
Tags: MailChannels MassLogger zip


abuse_ch
Malspam distributing MassLogger:

HELO: beige.elm.relay.mailchannels.net
Sending IP: 23.83.212.16
From: sino <sino_frank@capstoneeeq.com>
Subject: URGENT PURCHASE ORDER
Attachment: Samples and Specification.zip (contains "Samples and Specification.exe")

MassLogger FTP exfil server:
ftp.ads-logitics.com:21

Intelligence


File Origin
# of uploads: 2
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-20 09:27:07 UTC
AV detection: 25 of 45 (55.56%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 986086d0ceabd397222e9db2b5e39d5bf71a44b2182769bf5fa8170f03c71bf9 (this sample)
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
