MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ef58aaf1eb6f6244266915ba7e92e10dfeae9fdbb3dbc141389dd0d02ecbcd7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9ef58aaf1eb6f6244266915ba7e92e10dfeae9fdbb3dbc141389dd0d02ecbcd7
SHA3-384 hash: 4e416915cd886d2c84d5160f798f07bedd381094b7b11d1fb9d46ceaa0265d95b6be8d5600553fdf3f3878cdf2ffb993
SHA1 hash: cb0dc0ebc70560af7af6e7d2a0e695e09eead4f2
MD5 hash: b434b4be997da9e45b253c839d06c78d
humanhash: don-north-avocado-south
File name:SWIFT-COPY30000.lzh
Download: download sample
Signature MassLogger
Create hunting rule
File size:649'333 bytes
First seen:2020-10-27 12:56:57 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:jraSo08Dsw88PpKaCcmz0RS+wwt9NaftkJugMyHtBRwcm5SqzTKbICJU1K0y:jr9o08FP7CcmyHzqtQ1ZHtBO3zTZ8L
TLSH 8AD423D89700DDD083C374FD9BA021C4311E867DE36A68A51DEAFBB63E3A2795457C21
Reporter abuse_ch
Tags:lzh MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: smtp.brenntag.nl
Sending IP: 37.74.78.5
From: Theo Rutten <Theo.Rutten@brenntag.nl>
Subject: Swift copy- Payment advice
Attachment: SWIFT-COPY30000.lzh (contains "SWIFT-COPY30000.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9ef58aaf1eb6f6244266915ba7e92e10dfeae9fdbb3dbc141389dd0d02ecbcd7/
Threat name:
ByteCode-MSIL.Spyware.AveMaria
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 08:14:28 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=t32yvly6w33ciqtgsfn2p2jocdp6v2p5xm63yfatrhoq2axmxtlq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
MassLogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9ef58aaf1eb6f6244266915ba7e92e10dfeae9fdbb3dbc141389dd0d02ecbcd7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 9ef58aaf1eb6f6244266915ba7e92e10dfeae9fdbb3dbc141389dd0d02ecbcd7

(this sample)

MassLogger

Executable exe 7147272a79a6aea52547c729c4eafcc67926dd658f7f851db93cca096f6a5630

  
Dropping
MD5 931dd95d479a4eca93fde9343c022d24
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7147272a79a6aea52547c729c4eafcc67926dd658f7f851db93cca096f6a5630

Comments