MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09fb066f4a5fbc57b4d592a8443151578605c8a573746c3989a79bd1fa28c3a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 09fb066f4a5fbc57b4d592a8443151578605c8a573746c3989a79bd1fa28c3a2
SHA3-384 hash: 796d40c6845e9aa2b703d07fef92636a034fff1f1230eef31d1794b687d8d3578374afd0c87613bdbee4faf2206e9d20
SHA1 hash: 348526d5cfab048b0ace542c4dc678831aa5fcb7
MD5 hash: e8634ac042bdcd6d94f2e8893e492f6d
humanhash: ink-cola-romeo-sweet
File name: transgear.in_bana_AwzkD3epCIxtmrC.exe.malw
Signature: MassLogger
File size: 682'496 bytes
First seen: 2020-07-02 22:54:19 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 12288:YeHPL05f4puNWCLh82vT2VxMawvQ1an4iANBdWk:B01wBirr2Vxt4n4i
Threatray: 748 similar samples on MalwareBazaar
TLSH: 70E402302746FF5CE5A4C674712342022E3E795B6655EB5E3C4522AD1CF2F88CBAB2E1
Reporter: ov3rflow1
Tags: malw MassLogger

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-02 22:56:06 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result
Malware family: masslogger
Score: 10/10
Tags: ransomware spyware stealer family:masslogger

Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
MassLogger log file
MassLogger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
