MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b8cacdd4f8da66d03406af0243d32658acbeadc55095191d24b8dd63183f40d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9b8cacdd4f8da66d03406af0243d32658acbeadc55095191d24b8dd63183f40d
SHA3-384 hash: d540bb6a5eef95024dfa3fa65e88d4b983bb00547e458594aa2d5d76487266ee10e9deda397f2b5e76630d3bad3ca2d9
SHA1 hash: 1110b2c0efa46b7eadfc2c47ad9feb9f4e52b273
MD5 hash: 1ee8e18f1524ada651048c2bfdd70295
humanhash: kansas-nebraska-venus-michigan
File name:DEN9840.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:894'570 bytes
First seen:2020-10-09 10:41:58 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:5kcdsTsxqh/Zwzd365ZLviAZydJbshHVG7TQj0d1:6cdWh/yzd3654AZpHATQj0d1
TLSH 3615332D65B56EC367FEFC9819F6EEF68FF6CBFD416A48C8600061A124D06E41E1108E
Reporter abuse_ch
Tags:MassLogger rar Yahoo


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: sonic312-20.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.128.82
From: susan harrell <susan88harreil@yahoo.com>
Subject: : Fwd: Wire Transfer Payment
Attachment: DEN9840.rar (contains "2NGIQ6xA8V04Ne1.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9b8cacdd4f8da66d03406af0243d32658acbeadc55095191d24b8dd63183f40d/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-09 10:43:06 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
8 of 47 (17.02%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=togkzxkprwtg2a2anlycipjsmwfmx2w4kuevdeosjog5mmmd6qgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9b8cacdd4f8da66d03406af0243d32658acbeadc55095191d24b8dd63183f40d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 9b8cacdd4f8da66d03406af0243d32658acbeadc55095191d24b8dd63183f40d

(this sample)

MassLogger

Executable exe 703698c23e6a2e0a7fa23c5868bb97bccdca0389b47b0ea33a013a959a4a83e6

  
Dropping
MD5 9b5920634aa7e495f4decfa6aa14610b
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 703698c23e6a2e0a7fa23c5868bb97bccdca0389b47b0ea33a013a959a4a83e6

Comments