MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 235bae9ae04ff1860775c42e55671d3bb84d5abdf4f0f0267c66c46050f8aaca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 235bae9ae04ff1860775c42e55671d3bb84d5abdf4f0f0267c66c46050f8aaca
SHA3-384 hash: 51a591a5a6a1b37693e07d646b3ac6d0e8ff1414ba636d6cc9f43e0a06808b807f8559fe68efc691e56c11fc7a87232f
SHA1 hash: 0aa0f21d88688af2e38bf574a18c97f9939b6b42
MD5 hash: f35fc88f11874e02e90bb0aa88e2fccf
humanhash: mountain-mirror-saturn-lamp
File name:Product-7783887.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:901'632 bytes
First seen:2020-06-29 15:41:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:L80GEH/0j2CCc8vez+IBX7mD9f09dc8wj6qs6:gOHGZCc8vbIBXyJf0Rwj6I
Threatray 949 similar samples on MalwareBazaar
TLSH 7D15122072B48B55D9FE47F980A06044177A76532923E79D8EC734DB2EB27C10B1BB9B
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ngay24.com.localdomain
Sending IP: 45.127.62.71
From: orpha@kiddle.co
Subject: Byron Distributors Ltd
Attachment: Product-7783887.GZ (contains "Product-7783887.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/16432/
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.ENGK.190.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/235bae9ae04ff1860775c42e55671d3bb84d5abdf4f0f0267c66c46050f8aaca/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 15:43:09 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=enn25gxaj7yymb3vyqxfkzy5ho4e2wv56typajt4m3cgauhyvlfa._file
Verdict:
suspicious
Similar samples:
45808d9b0a58982e3bddb4e711f25d5224ad78165fbeb24b1a720358679bcbc3
MassLogger
46fcd198aa60c5510e6afb60b7ca8db803fd876fdbdda5b92481d52d105d1c28
MassLogger
49ebdee0fec93cc0c1815c018bdff160a61568e5e1369336918a97724dd4ad72
MassLogger
73909b3dbd65e3694a5d97988dd78b7c348c30a462344cd5c79a181a4d64c2a4
MassLogger
81ae80d0dc7e949cd78a6b555c1b08ebd8ec89ecf9847f3d1c0d9790b11be355
MassLogger
afb36acc2f0bbabca29232e70f3d7aadc4106083e90b60dc432fbe1db98ddbf7
MassLogger
b18c9e75825836541b9d7015a4a53dacddae7bb29c3bedbca9758349d9de7425
MassLogger
b434ee9215f7c5eb168be08da0470032f1fa75f16d41557fe958e55623bac26e
MassLogger
bb80a789749ace5e8253fbfb512e40d9078b40c10afb2f3822b904ff13ab195b
MassLogger
ece833b1eb93817bbbdaa4e6ae2c05da09afd81704edc29c0908af20156710c5
MassLogger
+ 939 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
ransomware spyware stealer family:masslogger
Link:
https://tria.ge/reports/200629-h9n83pkaca/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
Looks up external IP address via web service
Deletes itself
Reads user/profile data of web browsers
MassLogger log file
MassLogger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 0c2202bfc3e20a9a1be645b4ec5295a035c93643c99d20248d85a16dcd424cf5

MassLogger

Executable exe 235bae9ae04ff1860775c42e55671d3bb84d5abdf4f0f0267c66c46050f8aaca

(this sample)

  
Dropped by
MD5 29225761874728db86eacaa6e590f975
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 0c2202bfc3e20a9a1be645b4ec5295a035c93643c99d20248d85a16dcd424cf5
Cape
Cape
https://www.capesandbox.com/analysis/16432/

Comments