MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9fe05742a67d1b9d42e880c738cd37893e7ec73657d8592908b88908bdaac8bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9fe05742a67d1b9d42e880c738cd37893e7ec73657d8592908b88908bdaac8bf
SHA3-384 hash: 553facd7b4acaa5f2989e6d4b584ffa663759027e14857d93ce84f8416e04eb91290e36b3c7509f8b25f8dfd4bb77c50
SHA1 hash: 2e721107bac062725c765cda3f6561de2e12b4e6
MD5 hash: e6016d454089ea04d39bbec1b8d45986
humanhash: earth-oranges-foxtrot-fruit
File name:ReciboXdeXpago.rar
Download: download sample
Signature MassLogger
Create hunting rule
File size:108'997 bytes
First seen:2026-06-12 21:53:16 UTC
Last seen:2026-06-12 21:54:15 UTC
File type: rar
MIME type:application/x-rar
ssdeep 3072:mU3myUfrG+QSfS2Ns9PRWPyAb7K/QQ3nvK6mYx1QU1npg:mU3myUfrGlSfS2uTWPyAbd6SKni
TLSH T189B3122B31E601D6A4AF984C79EF6313CB09326D3DE52A47ABB479E3BC02985D275470
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter TomU
Tags:MassLogger rar

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Recibo de pago.js
File size:798'932 bytes
SHA256 hash: 78c375d37aeceb5da37845f1f9a499c7a17390f686fe1ff7895cff41931e9ef3
MD5 hash: 9405d8e15f1dd435c25eed2b968296ad
MIME type:text/plain
Signature MassLogger
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/1c25368e-1ef1-440f-929e-b02d0f1060d5/
Detection(s):
Sanesecurity.Foxhole.JS_Rar_1.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.JS.Starter.169.11200.9455.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Suspicious-Rar-JS.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a28f6baa15110463ee45dca
Tags:
obfuscate stration shell
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
conhost obfuscated powershell repaired
Link:
https://www.filescan.io/uploads/6a2c7fe80bddd27b6e06a821/reports/d782c24b-13cf-443d-9d6d-e587e1a68351/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/9fe05742a67d1b9d42e880c738cd37893e7ec73657d8592908b88908bdaac8bf
Verdict:
Malicious
File Type:
rar
First seen:
2026-06-10T16:15:00Z UTC
Last seen:
2026-06-12T13:10:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/9fe05742a67d1b9d42e880c738cd37893e7ec73657d8592908b88908bdaac8bf/results?tab=lookup
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9fe05742a67d1b9d42e880c738cd37893e7ec73657d8592908b88908bdaac8bf/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-06-10 21:25:31 UTC
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9fe05742a67d1b9d42e880c738cd37893e7ec73657d8592908b88908bdaac8bf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 9fe05742a67d1b9d42e880c738cd37893e7ec73657d8592908b88908bdaac8bf

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments