MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e405c738b62131d795745ecacff8028fad9ba35db2e46970ee11c1a7a0b14227. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 4



SHA256 hash: e405c738b62131d795745ecacff8028fad9ba35db2e46970ee11c1a7a0b14227
SHA3-384 hash: cb01016ac8396a948e4b22322689e4561c19f36e30aa4b7f51cf1802df46f05304861f3f197c6edd8be0144f5f94dac7
SHA1 hash: 14d871c1d87d1406818e73bb82c417116b36e7ee
MD5 hash: 0cf94997d85ae66d10222211367a76cc
humanhash: kansas-south-may-victor
File name: PAY-IN-008XXX6.rar
Signature: MassLogger
File size: 801'278 bytes
First seen: 2020-12-13 08:33:01 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:mjP8A5/QsWZOHKzPFq1g1EVCvja5ZDYBG/syU9ogAmILZqY3HL5mN2l2EpNximis:mjksWOKzPMCEVCvj+Yc/syfgAf5DxCc
TLSH: 7B05331AF84C08DAABBD418B351D774377224B0557E8ECC6CE5AE798991410E73BC2BB
Reporter: abuse_ch
Tags: MassLogger rar


abuse_ch
Malspam distributing MassLogger:

HELO: se2d-iad1.servconfig.com
Sending IP: 173.231.248.10
From: Mr. Sales <info@alhussainipackages.comt>
Subject: Attached T/T copy for payment.
Attachment: PAY-IN-008XXX6.rar (contains "ddxWKELkDxNZ6z6.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 280
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-12-13 08:33:11 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar e405c738b62131d795745ecacff8028fad9ba35db2e46970ee11c1a7a0b14227 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
