MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b647b22504f9880336cba67776e7f72c4706ea683005e0eff799c4731007bd7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: b647b22504f9880336cba67776e7f72c4706ea683005e0eff799c4731007bd7f
SHA3-384 hash: dfa07e23b3486b32dc026726b5e151f8c0c0cf8011866f6d567099f293008dbfd7781503028fa9d0996ec7a874bedc79
SHA1 hash: 3912fa26fcc1b0c6ed9c7e8e6b5387699d1ab04f
MD5 hash: 7bcab2a5ad7e54a895c44289004f2502
humanhash: bacon-iowa-wolfram-aspen
File name: BUILDING ORDER_PROPERTY SPECS.BZ
Signature: MassLogger
File size: 588'016 bytes
First seen: 2020-11-20 07:42:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Pz1uVogxYhtnfQEdoz/bTB3ZH/pSJB9aKsJA/xLLTAC4VBCizz040E:ZMogIn9EffIIz0v3WBC9PE
TLSH: EDC4239C87D324DAABFC98E8DDA0435E0004692FB5A3C1FC4F9884BB5317DE9845E66D
Reporter: abuse_ch
Tags: bz Hostwinds MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: hwc-hwp-617202-806257hwsrv-806257.hostwindsdns.com
Sending IP: 104.168.133.90
From: Carlos Castilo <property01@vilanosproperties.com>
Subject: Interested In the Property
Attachment: BUILDING ORDER_PROPERTY SPECS.BZ (contains "BUILDING ORDER_PROPERTY SPECS.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Result: Gathering data
Threat name: Win32.Infostealer.Generic
Status: Suspicious
First seen: 2020-11-20 00:06:57 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip b647b22504f9880336cba67776e7f72c4706ea683005e0eff799c4731007bd7f (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
