MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14fd527270413bbe03889b5082000818055ae981fd2ea0df41f24ff34c7c4621. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 14fd527270413bbe03889b5082000818055ae981fd2ea0df41f24ff34c7c4621
SHA3-384 hash: f8eee6595cf12f11e246e6d42019b31dcae61a322985a4bb473bdb4a3aa4da12277425767518c6fa37e63780c9256bab
SHA1 hash: 42f995c72e811aee071480f54aa85e8e098c70e3
MD5 hash: c5a8026824b4cd2fb3f13b7393eabfb7
humanhash: louisiana-spring-nine-hamper
File name:PO 3323.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:2'301'952 bytes
First seen:2020-06-06 09:42:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3d95adbf13bbe79dc24dccb401c12091 (881 x AgentTesla, 737 x FormBook, 236 x SnakeKeylogger)
ssdeep 49152:sVg5tQ7aMmYxbdAXHT7J6C604swwB1IQ6Fni5:Wg56pxbYT67sF7IQin
Threatray 1'369 similar samples on MalwareBazaar
TLSH E0B5012373DD8361C3B26273BA267711AEBF786506A0F46B2FD8093DE860161525E773
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: linkwell.com.tw
Sending IP: 45.147.230.226
From: Christine Wang <christine@linkwell.com.tw>
Subject: PO# 3323 (LINKWELL INDUSTRY CO., LTD)
Attachment: PO 3323.r00 (contains "PO 3323.exe")

MassLogger SMTP exfil server:
mail.cyberclone.biz:26

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 04:01:15 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ct6ve4tqie534a4itniieaaidacvv2mb7uxkbx2b6jh7gtd4iyqq._file
Verdict:
malicious
Similar samples:
1a1e5e11d4fc8b5b0b1b8d7ba56879a75c9079aa63c613d2f266a1b84bc15cfd
MassLogger
43c22ad8da4c7b3702e70d5c97e7ceed85a50dbd7926fccc5eda0bd775fcec51
MassLogger
69a72a4e6627e9d4f81f2a4a7d83438fa05301a909093a2e86284d2bd3f9bbaf
MassLogger
6e9f7bde41c353c8f2f492dd4e41454a45a8d8d222f2593d7174dca50e410f44
MassLogger
786b5266ae016683f13abe07cb1e99c01b2d617d3ca7518da086571d9f158d1b
MassLogger
7cd0f0947f0485f250747fe2e8eee845d912830239a949ac721335824ee03365
MassLogger
a500f27709fb009950d25abae11f25c6e8e0205d15931530467ecfb342a661ad
MassLogger
b8cedaeefb46ff748af412d63d33b2d508966d4e33fd88efc592072b64017f5c
MassLogger
d9d166ad30417f3158f7228c54985f97fe502523f910f14fbc5f7fb729c85e56
MassLogger
f8166e1205c9dd0761f42f47c8d3e3c944b72b1fd3713a0383040f263987a649
MassLogger
+ 1'359 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger ransomware spyware stealer
Link:
https://tria.ge/reports/201109-s9elywa3g2/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:masslogger_gcch
Create hunting rule
Author:govcert_ch

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r00 75b75fd8f21d4a1ce96722f39ce687ca6f3be28f9ed1f5137c512a71b98a883a

MassLogger

Executable exe 14fd527270413bbe03889b5082000818055ae981fd2ea0df41f24ff34c7c4621

(this sample)

  
Dropped by
MD5 4906bd6646e47e2fe228ddb02ac4b729
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 75b75fd8f21d4a1ce96722f39ce687ca6f3be28f9ed1f5137c512a71b98a883a

Comments