MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a015d549105cb1a7522ee546aaea0641067f2e35fdee83dbcb2bca47090f936b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a015d549105cb1a7522ee546aaea0641067f2e35fdee83dbcb2bca47090f936b
SHA3-384 hash: e3ddb84b4dd3edbf1e6766b0d998f4418278e13f63fab78a52fc1c6b83ad8fd6bb7f4c18e5bbd2993dc7c59e575208b6
SHA1 hash: b50b20dc53da05fb8dbe910f21f3a9c89bf99797
MD5 hash: c0b0ccf47d2187e5bd20fca41a114e19
humanhash: kitten-table-cold-moon
File name:Nqwyfkrohm.z
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'292'684 bytes
First seen:2022-10-31 15:19:25 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 24576:JJ0WUpi0KFbIPBPSqhYYdyXRrp5LaNWBhctwTyRknblpRSWph9:v1UpihmP13YYdyXFP+WcWTyRqJLSw9
TLSH T1225533E367CAD62F9BCBFB59B34EE01CDF86B4867210F054919649860C72F19438923B
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:MassLogger z


Avatar
cocaman
Malicious email (T1566.001)
From: "Al-Hassan<brt.tho@pescadoswear.com>" (likely spoofed)
Received: "from mxcvmutw.pescadoswear.com (mxcvmutw.pescadoswear.com [92.52.217.173]) "
Date: "31 Oct 2022 05:42:33 -0700"
Subject: "Purchase_Order"
Attachment: "Nqwyfkrohm.z"

Intelligence

File Origin
# of uploads :
1
# of downloads :
180
Origin country :
n/a
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:Nqwyfkrohm.exe
File size:4'754'944 bytes
SHA256 hash: d6f73562c2013f0fe1ef835228ec4e7ff3fe5f9d19b698c4f68bd17b406e783d
MD5 hash: e7f73efb6f431a4dcfd419ed2123e14c
MIME type:application/x-dosexec
Signature MassLogger
File name:32512
File size:20 bytes
SHA256 hash: 7b4d525bbb7611de9a37601dd66690dd150e7e77623357efad7c425473a7c7df
MD5 hash: 4f2969c1575c0be07ad50103439928db
MIME type:application/octet-stream
Signature MassLogger
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/635fe7a3ce1f43143c2a338f/reports/28118759-2d94-404e-aea0-68314881d61a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a015d549105cb1a7522ee546aaea0641067f2e35fdee83dbcb2bca47090f936b/
Threat name:
ByteCode-MSIL.Trojan.Scarsi
Create hunting rule
Status:
Malicious
First seen:
2022-10-31 10:52:52 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
19 of 40 (47.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uak5ksiqlsy2ouro4vdkv2qgiedh6lrv7xxihw6lfpfeocipsnvq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a015d549105cb1a7522ee546aaea0641067f2e35fdee83dbcb2bca47090f936b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

z a015d549105cb1a7522ee546aaea0641067f2e35fdee83dbcb2bca47090f936b

(this sample)

MassLogger

Executable exe d6f73562c2013f0fe1ef835228ec4e7ff3fe5f9d19b698c4f68bd17b406e783d

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d6f73562c2013f0fe1ef835228ec4e7ff3fe5f9d19b698c4f68bd17b406e783d
  
Dropping
MD5 e7f73efb6f431a4dcfd419ed2123e14c

Comments