MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 192896dbc7744f51c63044f4bf8a0fd260cc73ddcc84200161ce45b81c7e9e50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 192896dbc7744f51c63044f4bf8a0fd260cc73ddcc84200161ce45b81c7e9e50
SHA3-384 hash: 24c45d75a9a7c683f763fe2c21f13d564c6324a2bd51462141d8f338967645d3ec4921b679b17aa56668b2eeb600b5fc
SHA1 hash: 83789dd42bea9365cfa0c9b3498e4ce0c2c9808a
MD5 hash: 0c745a8bed9b15ae636a3a4cdfd1ebb0
humanhash: speaker-pennsylvania-johnny-zebra
File name:DEBIT SLIP.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:793'600 bytes
First seen:2020-07-08 06:37:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 24576:huU+xBXXkxEBtUXdT1MK1yKyY4WNgcj3Z1Lv:0U+v9rIT1MKQpY46gqrLv
Threatray 1'127 similar samples on MalwareBazaar
TLSH 64F4D0B132316E63C63E08F5900134405FB5A4AB756DE2D8BDC3B1DB41D6FD09A92ABB
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

From: "WellsFargo (US)" <acount@hitachi-payments.com>
Reply-To: acount@hitachi-payments.com
Subject: ADVICE OF DEBIT - BANK CONFIDENTIAL
Attachment: DEBIT SLIP.zip (contains "DEBIT SLIP.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/22854/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/192896dbc7744f51c63044f4bf8a0fd260cc73ddcc84200161ce45b81c7e9e50/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 13:16:48 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=deujnw6horhvdrrqit2l7cqp2jqmy465zsccaalbzzc3qhd6tzia._file
Verdict:
unknown
Similar samples:
03a99b633ca01928659955c896a703e45cbc1527738b53a5d6267fa8da44c030
MassLogger
0af307702055e443dd8ceba3a2b2022609442fd7f6c5358180ec8c6b581d21e5
MassLogger
3b0f4ded1d22a750821ae19238a6797a7bacb7b0c60ee2f564d46ad4861ceee8
MassLogger
47e5d3ce3db665ba1bd95863dedaebfc2c837f6e70747a614408451c50b7d564
MassLogger
516af190e411859eafe3334997490013f00b0a6199ef034a584df640a3993440
MassLogger
61c7750e724cbe16f38b96cb8118daac29977ce677bade5f7c215a6b97b16d84
MassLogger
68cc2dbe766234de0ce7f8853b2526bc8fa7194c106f0cecd55683e297d3764f
MassLogger
954171c43ee36bd140f210f717cfd680607c10d761a425e5a7306fc28c983d2a
MassLogger
c2221b7f65afde44bb459fec37286e4ad1f032d30be34d04527497c4b6acfdbd
MassLogger
d63293a1c8b19e0a042d92655ffa095412af2804a2523b31cfeb4e11e1fb772a
MassLogger
+ 1'117 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
ransomware spyware stealer family:masslogger
Link:
https://tria.ge/reports/200708-nyphefj7tn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Suspicious use of SetThreadContext
Looks up external IP address via web service
Maps connected drives based on registry
Checks BIOS information in registry
Reads user/profile data of web browsers
Looks for VMWare Tools registry key
Modifies the visibility of hidden or system files
Looks for VirtualBox Guest Additions in registry
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip b96cfbc6878aabb8d480b165c2576c68af6807c8b80bc80810effd84be7f08e7

MassLogger

Executable exe 192896dbc7744f51c63044f4bf8a0fd260cc73ddcc84200161ce45b81c7e9e50

(this sample)

  
Dropped by
MD5 c0208c4dee22456b9a4f6db10918edfc
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/22854/
  
Dropped by
SHA256 b96cfbc6878aabb8d480b165c2576c68af6807c8b80bc80810effd84be7f08e7

Comments