MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba9056d8017e211407a8915ae3d0132a18c7af6a380c7dd53f6521c5f8bb5af1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ba9056d8017e211407a8915ae3d0132a18c7af6a380c7dd53f6521c5f8bb5af1
SHA1 hash: 7cc47f4543549148dcbb698af42ced0730e3e811
MD5 hash: b48c180451a952d25f314c446b9e1f6a
File name: New Offer.zip
Signature: MassLogger
File size: 804'403 bytes
First seen: 2020-05-22 10:05:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:tNll0Ly/Dkfu2oQndYyelZQbODkGxqk/sMxduhdzJwPhQTD1e31q5qU+6RmNWJ:tNaPDndAkbikbk/jjuH9gaf1e4dgMJ
TLSH: D30533241A020B7FF771F099A0D83A361E5E8E542E436F6126979FCA67931BD0BD70E4
Reporter: @abuse_ch
Tags: MassLogger zip


Twitter
@abuse_ch
Malspam distributing MassLogger:

HELO: fre.freespirittours.ge
Sending IP: 192.254.140.61
From: executive@freespirittours.net
Subject: RE: PROFORMA FATURA
Attachment: New Offer.zip (contains "New Offer.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 22
Origin country: FR
ClamAV: SecuriteInfo.com.Trojan.Inject3.40368.24052.32473.UNOFFICIAL
VirusTotal results: 24.24%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip ba9056d8017e211407a8915ae3d0132a18c7af6a380c7dd53f6521c5f8bb5af1 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment

Comments