MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9bebc15ea243aab82c91f22098a4dd0c50404346e5c0c2c4f507e4b1223d9ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9bebc15ea243aab82c91f22098a4dd0c50404346e5c0c2c4f507e4b1223d9ba
SHA3-384 hash: 08bca38b8a6fdc9aa171d5427568353cbdb619c006487f9dfed50d04aa33e64f7035aed476123bcc649aafa19aecc568
SHA1 hash: 9b0190ed95bb6070f96c2d4e6d8f43209e68ace9
MD5 hash: 5cbfddc1c8d0445501a44500dd99d326
humanhash: pluto-item-twenty-leopard
File name:payment swift.zip
Download: download sample
Signature MassLogger
Create hunting rule
File size:699'840 bytes
First seen:2020-10-23 07:02:33 UTC
Last seen:2020-10-23 12:57:27 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:3Bp9LV0kJGBP6jOvFlOgrQvjjTKaU3c7eEwg1tCmhii28nCtpeHokOTD:xp9LyCZg0vjKDc7pwgPCm7zCtoIkO
TLSH 3CE433A5CD955E2D38CDAEA0D2F9514B18E5D0E292ADF30AFDE5FC0648461C2C33C2AD
Reporter abuse_ch
Tags:MassLogger zip


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: gmail.com
Sending IP: 185.222.57.73
From: finance@actonacompany.com
Subject: FW: payment swift
Attachment: payment swift.zip (contains "payment swift.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen10.40632.3952.5712.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f9bebc15ea243aab82c91f22098a4dd0c50404346e5c0c2c4f507e4b1223d9ba/
Threat name:
ByteCode-MSIL.Spyware.Masslogger
Create hunting rule
Status:
Malicious
First seen:
2020-10-21 11:24:02 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7g7lyfpkeq5kxawjd4ratcsn2dcqibbunzoaylcpkb7ewerd3g5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip f9bebc15ea243aab82c91f22098a4dd0c50404346e5c0c2c4f507e4b1223d9ba

(this sample)

MassLogger

Executable exe 433c68e89fe741e7ec59e064861baf726ab0b8637849d9d92fa5e3a2819d211c

  
Dropping
MD5 c4cf28c1d5e4da94c3391b90cd91671d
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 433c68e89fe741e7ec59e064861baf726ab0b8637849d9d92fa5e3a2819d211c

Comments