MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0c944c8a43bdd1f51bda0c74724c4958a396f13c02fda923c38ed292fb0c7e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: c0c944c8a43bdd1f51bda0c74724c4958a396f13c02fda923c38ed292fb0c7e6
SHA3-384 hash: 3218dc99873ceae3cd1c1d1c0a307cd1a833136f05791d3e8fd00ba7d59acb26e22dec3fc5ee0a57595b6ba4487e2631
SHA1 hash: 8735c073887a5509d0e9185ff9bbd59cc5bb5a8c
MD5 hash: 3de70edaae702c6c58305c2fb1b6d139
humanhash: table-river-item-low
File name: parcel_info-pdf.zip
Signature: MassLogger
File size: 699'899 bytes
First seen: 2020-07-05 07:30:42 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:X1ATyDnpO8WEadikrOtjTNTQSznUyYCoXWv2IUWbYka4YSx5/7ncuDHKf:J7VqI3NzUtCLuvWGN25/7nxLa
TLSH: 33E433CAF2B1D0664EFBAB903329277346143A61925B035A2170FB26FFF526F5DD8844
Reporter: abuse_ch
Tags: MassLogger zip


abuse_ch
Malspam distributing MassLogger:

HELO: sprint.co.id
Sending IP: 156.67.220.83
From: Aramex Emirates LLC <info@sireonline.com>
Subject: Information about your delivery
Attachment: parcel_info-pdf.zip (contains "parcel_info-pdf.exe")

MassLogger SMTP exfil server:
mederfashion.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Masslogger
Status: Malicious
First seen: 2020-07-05 07:32:07 UTC
AV detection: 16 of 46 (34.78%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip c0c944c8a43bdd1f51bda0c74724c4958a396f13c02fda923c38ed292fb0c7e6

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment

Comments