MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2547c5de670ee1ff29aed0c0b0c3bd2f4c9729966dbbd4c7a674201e656596b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	2547c5de670ee1ff29aed0c0b0c3bd2f4c9729966dbbd4c7a674201e656596b9
SHA3-384 hash:	450e8fe60525b16e82ddac95578253cb9d1a4306b445c1b8d78ac816deed1f1df46ea5951d3ca443e7f1693fef7c4f63
SHA1 hash:	34349692bd4ab9139536196c627a98e281a2359a
MD5 hash:	a2e0647eb123725d7e70e984cafbe345
humanhash:	autumn-lamp-october-seventeen
File name:	a2e0647eb123725d7e70e984cafbe345.exe
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	1'486'336 bytes
First seen:	2020-06-01 07:57:42 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	24576:vI3MifHI5/UEF5xPduaynzoXNH+GyiI/8zLGnG5KjQghGpqGvZA5YCdA2WGxI:vX5bdxwzg+Gyz8zCG52Qgh4d+6C+uI
Threatray	681 similar samples on MalwareBazaar
TLSH	9165123C83B87DB3D6FD07B4D045420DD2FA89351A97DBAA5A4220E89D473A3F123A57
Reporter	abuse_ch
Tags:	exe MassLogger

Intelligence

File Origin

# of uploads :

1

# of downloads :

71

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-06-01 01:45:45 UTC

AV detection:

16 of 31 (51.61%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=evd4lxthb3q76kno2dalbq55f5gjokmwnw55jr5goqqb4zlfs24q._file

Verdict:

malicious

Similar samples:

0adb2bff99574523019596e93ea3d4c8ec0701e43c94389560ff501e28aaa5b9

0b9bf960a70b60232a00272aec1c69b56ae3baa282b2f7c17ad377a6e8f65b1d

1017b23d5d7849554883e4cf55e8f9136a3344c631485c4786d2cd227b2b5a6a

2088534f73106229d20329297ac7079561b2c6d2ab60631af0b29e416389839a

67c174f4fdeb4a63472a22bb21de9d1b472da3521dcfa4ba8b285e25e1f1fa26

75c8f88c9168d6d1c227c9d97e6c04cd485a920aabc49ef1305c9aae039895ad

79c918eb12cd2f34d937a55c33af9434177fc25f59d7c7c956fdec75344d7cd2

883d8161ac8d88fb5e14aa487743ea14a8937f0144e66f3bb1211e2e88cf0128

8df3f6979cddda955efe2734b84c83411b4f0fa4ff1200794a9c9a99a173b9ad

8e40f99cc08408c1ee5a1ec56357f23d993e29a6c4e5751a6fad33e7c9e222e1

+ 671 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

family:masslogger ransomware spyware stealer

Link:

https://tria.ge/reports/201109-w62rwncwr2/

Behaviour

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Maps connected drives based on registry

Reads user/profile data of web browsers

MassLogger

MassLogger log file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 2547c5de670ee1ff29aed0c0b0c3bd2f4c9729966dbbd4c7a674201e656596b9

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample