MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e8c4ea04759257bb250d60f1a3b1988888044fd06ce2f9fccef81b047eee4bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e8c4ea04759257bb250d60f1a3b1988888044fd06ce2f9fccef81b047eee4bc
SHA3-384 hash: 287779ed77baa41fb39f8de42c5b5996cb568da5f07e4b7a87d62fef45e80b95c710cba016a4ebfd6d84a7fb614230d5
SHA1 hash: 43e20a6ec83da77bb088f239789a7706cdf25d32
MD5 hash: 6e8c79af60ee5864468cb27b179cc470
humanhash: connecticut-minnesota-sixteen-twenty
File name:swift.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'239'040 bytes
First seen:2020-08-18 06:18:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 639357242ed279ceaa4726408d2cc6d5 (10 x AgentTesla, 4 x Formbook, 3 x MassLogger)
ssdeep 24576:kF7OuHzkK4d7403c8Un2RTq0tGet1U7WNKroawv1oEL:kFy+f8nc8UnVv7UQoawWEL
Threatray 531 similar samples on MalwareBazaar
TLSH F645C022A1E04836D1B229784C3F7AB8983BBF1039FC55477BE47D089F3A6513565E87
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail-cld-x17.trdns.com
Sending IP: 77.245.145.67
From: Account Payable <info@doseglobalservices.com>
Subject: Swift Confirmation
Attachment: swift.r00 (contains "swift.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47508/
Detection(s):
SecuriteInfo.com.BScope.Trojan.Crypt.5088.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Unauthorized injection to a recently created process
Sending a UDP request
Using the Windows Management Instrumentation requests
Running batch commands
Creating a file
Unauthorized injection to a system process
Enabling autorun by creating a file
Deleting of the original file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0e8c4ea04759257bb250d60f1a3b1988888044fd06ce2f9fccef81b047eee4bc/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 09:01:16 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=b2ge5ichlesxxmsq2yhruoyzrceiarh5a3hc7h6m56a3ar7o4s6a._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
3fd662d7caf82ecc8b61b4fa261bc51510851aa36099a85f66c2689c507e11d7
MassLogger
4c8728146976e30a09321d1e158aeeb46908c54fa8614ccef7fbc9761956eca4
MassLogger
5bcbbf82aa7c1bde8cddd6a6d50b4b082555ddb0dd23dd468ef238850238ed2a
MassLogger
6cf454ec0892e0367356ae674e93612f1c23d9c99874d8ff7de7d77055cbf9c6
MassLogger
7cfa62ab7a592f04b4268ad35e2a90739666f9d5e91eaa5808dd8ba11239f43d
MassLogger
84742df4cd63ab373d601a9f4900b1b55f41ea5f48d93eaebb68b9fd4bf8235a
MassLogger
a9f8d8a5503dca2d63d36e17041e6d065a6bf7bad41c000dd6d5a1e73d18d786
MassLogger
b8789e245fdcc8f15b3e86a516660004980a8febea95077b7606e5bfc4a7bd31
MassLogger
c7202ac90daa5d696736a32eff2c930eba08332c9416ff6a464ce3ea17f414f9
MassLogger
fa1dd731e06f5a7470f45a3f09f0b39d2e236d022c9a9d6e52828e8214c5893e
MassLogger
+ 521 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
ransomware upx spyware stealer family:masslogger
Link:
https://tria.ge/reports/200818-m59xvlg3b6/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Drops startup file
Reads user/profile data of web browsers
UPX packed file
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 7600e9dd3d1d05f03b79685fed1484b943f2898495522449106864d905744616

MassLogger

Executable exe 0e8c4ea04759257bb250d60f1a3b1988888044fd06ce2f9fccef81b047eee4bc

(this sample)

  
Dropped by
MD5 db41b2a4e521863744df851b2a06be44
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47508/
  
Dropped by
SHA256 7600e9dd3d1d05f03b79685fed1484b943f2898495522449106864d905744616

Comments