MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c41f0ba4966ab182ac2458b218789c383814e2d6a572dc6cae18645bfa54c40d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c41f0ba4966ab182ac2458b218789c383814e2d6a572dc6cae18645bfa54c40d
SHA3-384 hash: b69d90dc24cf26fed9b14abeeeeed4e94c8bab7e6d664ab50e28ae82d5d69004a12ebcaa1a04a159a88003d52cc617bb
SHA1 hash: a894b023acdebace51b24e19e5dffc68262fdd81
MD5 hash: 6e2e0757f0100ab868f9a75fad4cfe41
humanhash: robin-oranges-magazine-video
File name:Ggaygtiujst.z
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'199'130 bytes
First seen:2022-11-03 07:16:51 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 24576:3jz8QQu11bCS6MjvENWKM614h4OcA8kA+/tXNd8szbm7+m:bQufCS6OKhM6el1Q+W8bi
TLSH T1E24533A6503687E83B317765624030DB6FE5B0301F018BCBD9677ADD8A1A642F4A6D3F
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:MassLogger z


Avatar
cocaman
Malicious email (T1566.001)
From: "Sales1<brt.tho@pescadoswear.com>" (likely spoofed)
Received: "from mxcvmutw.pescadoswear.com (mxcvmutw.pescadoswear.com [92.52.217.173]) "
Date: "02 Nov 2022 09:24:27 -0700"
Subject: "New Purchase_Order"
Attachment: "Ggaygtiujst.z"

Intelligence

File Origin
# of uploads :
1
# of downloads :
104
Origin country :
n/a
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:Ggaygtiujst.exe
File size:1'216'512 bytes
SHA256 hash: 10ce810ff5f578bf483fc683d4b830d50f4bf58355255d382e22d3c8d2407054
MD5 hash: e3f1a6ef1101aa4fae208dea686c518b
MIME type:application/x-dosexec
Signature MassLogger
File name:32512
File size:20 bytes
SHA256 hash: 7b4d525bbb7611de9a37601dd66690dd150e7e77623357efad7c425473a7c7df
MD5 hash: 4f2969c1575c0be07ad50103439928db
MIME type:application/octet-stream
Signature MassLogger
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/63636aef41979aedb8d52ffd/reports/04bb4fc7-df4e-4dcf-9d23-3f95a3cfc00f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c41f0ba4966ab182ac2458b218789c383814e2d6a572dc6cae18645bfa54c40d/
Threat name:
ByteCode-MSIL.Downloader.Seraph
Create hunting rule
Status:
Malicious
First seen:
2022-11-02 03:57:01 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
18 of 41 (43.90%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yqpqxjewnkyyflbelczbq6e4ha4bjywwuvzny3fodbsfx6suyqgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/c41f0ba4966ab182ac2458b218789c383814e2d6a572dc6cae18645bfa54c40d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

z c41f0ba4966ab182ac2458b218789c383814e2d6a572dc6cae18645bfa54c40d

(this sample)

MassLogger

Executable exe 10ce810ff5f578bf483fc683d4b830d50f4bf58355255d382e22d3c8d2407054

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 10ce810ff5f578bf483fc683d4b830d50f4bf58355255d382e22d3c8d2407054
  
Dropping
MD5 e3f1a6ef1101aa4fae208dea686c518b

Comments