MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8c1012ee15a746b67962168115e165e638c337d2fa305741b57752218827d7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: b8c1012ee15a746b67962168115e165e638c337d2fa305741b57752218827d7e
SHA3-384 hash: c48aed3949a7e94ee30f8642b8aabfe41f09d1c3d01066bc854bee41207e4fc71cfa17b1755da2eda56d589e2571e6eb
SHA1 hash: ef5faec831bbd8f234f295985499eacc15e43f23
MD5 hash: 5b9d19e3b977a867e51e076ad3536048
humanhash: west-salami-helium-mango
File name: RFQ 0605176.CAB
Signature: MassLogger
File size: 847'997 bytes
First seen: 2020-06-23 14:56:58 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:/B9jZ+iqvQejuJB2ZzhCqzLTYpZmL89rdT9LEkys:/0iqvG2TCqzLkPmg/ya
TLSH: 580533C0E523AE0918EED79B6A004513E716D147EC07AF078C2AD6D6DF6F2D9BC9890D
Reporter: abuse_ch
Tags: cab, MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: slot0.rebelliongate.xyz
Sending IP: 45.95.169.223
From: sales@pianotile.com.tr
Reply-To: sales@pianotile.com.tr
Subject: RFQ #0605176
Attachment: RFQ 0605176.CAB (contains "RFQ #0605176.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-23 14:58:04 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip b8c1012ee15a746b67962168115e165e638c337d2fa305741b57752218827d7e (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment

Comments