MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3fc91cd7cc5a8f622c2c2fc4ad7b5f32ab7455350f6bf84c71fa570d0bebb29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: f3fc91cd7cc5a8f622c2c2fc4ad7b5f32ab7455350f6bf84c71fa570d0bebb29
SHA3-384 hash: 23e91d40e7c0cf51bdfe28b8c491b909aa891af129d764546a509684995072deddbd79f26a126fa02559bbacdc84aed7
SHA1 hash: 05e4533f9bfd359b49a01991b5f472268503be92
MD5 hash: 7a09dbe06820b7fac7f2747ef4e67ced
humanhash: purple-angel-black-washington
File name: GHB08072020.rar
Signature: MassLogger
File size: 866'612 bytes
First seen: 2020-07-08 06:32:47 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:zGElKiFKhdCSyfEoaSRmSzPU8NNjpcVV0q:zGfiFgdCEugSzPbvpk0q
TLSH: 900533BD8777F559B645E53F02D233648B2ECA147412D4B3D2ECB201A285E2EED1AF48
Reporter: abuse_ch
Tags: MassLogger, rar


abuse_ch
Malspam distributing MassLogger:

HELO: dongsonvina.co
Sending IP: 111.90.145.70
From: Sham J. Vaikos <Sham.Vaikoss@varroc.com>
Reply-To: jose.fili.gameiros@gmail.com
Subject: Require quotation
Attachment: GHB08072020.rar (contains "GHB08072020.exe")

MassLogger SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-08 06:34:11 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar f3fc91cd7cc5a8f622c2c2fc4ad7b5f32ab7455350f6bf84c71fa570d0bebb29 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
