MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff82b34cd9ac4182c6396daa6d38a5f6d073191882e086114edb42f05862bdc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ff82b34cd9ac4182c6396daa6d38a5f6d073191882e086114edb42f05862bdc5
SHA3-384 hash:	367a432d68dbfa0ff9e03edd45674436044a437ef2861dd037f4afe319ad6b1b6076e1eb6b901a03679cee4c60c65643
SHA1 hash:	0721b14b5f6ad7a465fa08a9592617748e5919d4
MD5 hash:	9f15c98686a86b9c9b02fcb14d1771a7
humanhash:	don-emma-grey-ink
File name:	Order 6403 M6aOVZjZ4hixHYB.zip
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	852'206 bytes
First seen:	2020-06-03 08:38:43 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:homJqUTEz/M6TDGs43xQQgvF9zFQkFB7ol7WJEXVNK1:h8Ug/RWsqyhF9RQM0QYS1
TLSH	CB05335343C43ADA43D47CA16D9D121353A73C23DB8BACF8E66A61DB684760DD2628F8
Reporter	abuse_ch
Tags:	MassLogger zip

abuse_ch

Malspam distributing MassLogger:

HELO: gmail.com
Sending IP: 185.144.28.88
From: <wlomyo.jezco2@gmail.com>
Subject: Inquiry Jezco ltd
Attachment: Order 6403 M6aOVZjZ4hixHYB.zip (contains "Order 6403 M6aOVZjZ4hixHYB.exe")

MassLogger SMTP exfil server:
mail.larosadelmonte.com:587