MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ae9562563888e54d90d5a869caaa7c81213273467a71c28fb50349cf967741e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 8



SHA256 hash: 1ae9562563888e54d90d5a869caaa7c81213273467a71c28fb50349cf967741e
SHA3-384 hash: a6b50cba7bb872d0a10a881a9d60fd3a5077d11bb789cd4724654d2642b0c7c24045dd31b23e1c0acbffc232d838e9f2
SHA1 hash: 49c8d92385d4681511661f917825aa8c25d873c0
MD5 hash: 6160f94fc82e1805b8a58c57b835d658
humanhash: pluto-fruit-undress-winter
File name: AKBANK E-DEKONT - 03082020 - REF0019212 - SKBMT03082020-0012-IMG0149.exe
Signature: MassLogger
File size: 15'360 bytes
First seen: 2020-08-04 10:46:15 UTC
Last seen: 2020-08-04 10:53:58 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 384:Q18JoWm7qAnpgGZUXMPt2Xb1NMesWA3gi7+pxO:L+tnpgGaXbOZ3g3O
Threatray: 693 similar samples on MalwareBazaar
TLSH: 4C62A33D17AC45E2CD73C272E9DB82007EBB5686F89A5A3F24D54715E68279032E336C
Reporter: JAMESWT_WT
Tags: MassLogger

Intelligence


File Origin
# of uploads: 2
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Creating a file
Using the Windows Management Instrumentation requests
Sending a UDP request
DNS request
Sending an HTTP GET request
Creating a window
Result
Threat name: Unknown
Detection: suspicious
Classification: evad
Score: 26 / 100
Behaviour
Behavior Graph:
Threat name: ByteCode-MSIL.Trojan.CryptInject
Status: Malicious
First seen: 2020-08-04 10:48:06 UTC
File Type: PE (.Net Exe)
Extracted files: 2
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family: masslogger
Score: 10/10
Tags: ransomware spyware stealer family:masslogger
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
Blacklisted process makes network request
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
