MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf3c1b0f1ae0c2e242a886bff147db810d7b269d38c10102592eccaa9fc9e0cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cf3c1b0f1ae0c2e242a886bff147db810d7b269d38c10102592eccaa9fc9e0cf
SHA3-384 hash: 2498600fb081ab38c9575ac4234883fda6b6f3c2c887fa88d3cadc96d58ed0aa85896283a53473487eca406b2b2ad114
SHA1 hash: c9cac5f3a78f242471b1eda4364aa9655cc9ddeb
MD5 hash: 080bc4ce0a175442145ffb4c2c34bdd3
humanhash: eleven-enemy-earth-item
File name:USD45000_PMGMAX.gz
Download: download sample
Signature MassLogger
Create hunting rule
File size:688'322 bytes
First seen:2020-10-16 10:34:51 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:cDL+sLyP4q/PKxNFHr/zQGvIxUlB3Dzvjc1QK4/B:cD7LC/PKfhr/zQGvHrc16B
TLSH 49E423151833630F8CEAE760D472E298AF0AC6538EBFF124DEA51E579D3E285843CB55
Reporter abuse_ch
Tags:gz MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: tblr51.logix.in
Sending IP: 121.240.11.51
From: Ashok Dholakia <dholakia@gopalglass.com>
Subject: Fwd: Payment and inquiry
Attachment: USD45000_PMGMAX.gz (contains "USD45000_PMGMAX.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cf3c1b0f1ae0c2e242a886bff147db810d7b269d38c10102592eccaa9fc9e0cf/
Threat name:
ByteCode-MSIL.Infostealer.Maslog
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 22:26:30 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z46bwdy24dboeqviq277cr63qegxwju5hdaqcaszf3gkvh6j4dhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cf3c1b0f1ae0c2e242a886bff147db810d7b269d38c10102592eccaa9fc9e0cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip cf3c1b0f1ae0c2e242a886bff147db810d7b269d38c10102592eccaa9fc9e0cf

(this sample)

MassLogger

Executable exe f494f274007601b2fff0e9c7923df52143b8aed4cef4b7ed9b89ca970fd9792b

  
Dropping
MD5 7ac224781752aea72ad48eca936694e6
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f494f274007601b2fff0e9c7923df52143b8aed4cef4b7ed9b89ca970fd9792b

Comments