MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b20a79bbcd7f5d7e981ab996160812e1f3f54ac809950629f1f437f5a866d70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9b20a79bbcd7f5d7e981ab996160812e1f3f54ac809950629f1f437f5a866d70
SHA3-384 hash: 45b37c08e0ddc1a8ec690bcc8fd86527f5413ad4e2948053251fe54bff061a587887d5a3ca45832be2af88f6159079f6
SHA1 hash: f97fbeb69ab86de56739116339090b01e640dea1
MD5 hash: c3bc4211552a92ee3a5bd876961bab4e
humanhash: solar-white-whiskey-louisiana
File name:DUE INVOICES.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:141'742 bytes
First seen:2020-10-20 08:05:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 3072:Ta1/mevfxlx1gj70FYNRQioN+D2h1UixgZRN/qm0LVoFAkUiQK6Rgv6:O1uulzgj70FmQxnh/gZRNiLVoWiQKK
TLSH CDD3124A8F46D41285C06E627B54B98ACF42FEE407166DC234AA25E835EFDE1FB40C37
Reporter abuse_ch
Tags:MassLogger zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: flomicgroup.com
Sending IP: 103.99.1.143
From: "Hovnan Garabedian" <nitinz@flomicgroup.com>
Subject: SOA - PAYMENT FOLLOW UP
Attachment: DUE INVOICES.zip (contains "DUE INVOICES.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.18388.24395.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9b20a79bbcd7f5d7e981ab996160812e1f3f54ac809950629f1f437f5a866d70/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 08:02:05 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tmqkpg542725p2mbvomwcyebfypt6vfmqcmvayu7d5bx6wugnvya._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9b20a79bbcd7f5d7e981ab996160812e1f3f54ac809950629f1f437f5a866d70

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 9b20a79bbcd7f5d7e981ab996160812e1f3f54ac809950629f1f437f5a866d70

(this sample)

MassLogger

Executable exe fe1ba0870e9e6cf4e63c5775a66bc3e0cb91d30e24294d06c0037b68e701ad9d

  
Dropping
MD5 8f1c715ad9dba5d76806ffd55243a7a2
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fe1ba0870e9e6cf4e63c5775a66bc3e0cb91d30e24294d06c0037b68e701ad9d

Comments