MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 296b2d6c24dd68f7a59ea4388d979bba6572c288ab891cd35ec81e56c602318d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 296b2d6c24dd68f7a59ea4388d979bba6572c288ab891cd35ec81e56c602318d
SHA3-384 hash: 2b36dadfd09890e561b9bc6d1a7b3a93adfb7ca6c41f6ef823905a6d7b6010a46c9159e7b217ee5646808cb414c6d36b
SHA1 hash: f2dbb57a824853f48a6b16797e9682b328078b93
MD5 hash: 5871c56853982658b13619b6beae47da
humanhash: ink-nineteen-pizza-oranges
File name:ttttttt.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'374'720 bytes
First seen:2020-06-26 05:09:36 UTC
Last seen:2020-06-26 20:25:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a29f4efb911c4906418600fd25679688 (11 x Loki, 10 x AgentTesla, 2 x HawkEye)
ssdeep 24576:T69dI9Dl7bPF4sm9dNdNByMEfAm0sjameYIeUvqQzWkthC7PJrOOA+oqP:T696/ieAm0heUW1rTP
Threatray 2'200 similar samples on MalwareBazaar
TLSH 0C55C0E2F2B1C433C1721A3B8D6B52F5542A7E01B92869466BE4FDCC9F3B24135352A7
Reporter jarumlus

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/14559/
Detection(s):
PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

SecuriteInfo.com.Win32.Herz.B.10803.7096.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Unauthorized injection to a recently created process
Using the Windows Management Instrumentation requests
Creating a file
Running batch commands
Unauthorized injection to a system process
Enabling autorun with Startup directory
Deleting of the original file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/296b2d6c24dd68f7a59ea4388d979bba6572c288ab891cd35ec81e56c602318d/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-25 22:01:20 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ffvs23be3vuppjm6uq4i3f43xjsxfquivoerzu26zapfnrqcgggq._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
030b56f2c3d4f312d274d0d8d6176e609967ec6a280c7e3356e380fc1d4cbe51
MassLogger
090f00c2fac982400e72c628633fbc922f445f95a7512b16fd7cc8dd14b66277
MassLogger
46fcd198aa60c5510e6afb60b7ca8db803fd876fdbdda5b92481d52d105d1c28
MassLogger
49ebdee0fec93cc0c1815c018bdff160a61568e5e1369336918a97724dd4ad72
MassLogger
5caa7e9eb486ca9161d410e9fe1dc4074c3b0c66f8d6cd05ab5ae6dd35837c5a
MassLogger
619d55dafa6cfdc23580e3a1e8a57ef3a246a0163385f4a61a591ac0517d85f6
MassLogger
90dfa7c4314a5e27a2efb782570ed9f397907d64ad3fa293bccdf62c0f456243
MassLogger
a564fdfc9313e139ccabe2e6b1154598ea3baebd20abde1125a6513789b54fa4
MassLogger
a996aee16f79f6152b8516e615f3a9f78d6dab679a47d5f79d6cab5a1a04dd2f
MassLogger
d7f723006bca775ea723bcb6af0415357efe543e37791d2997b5100f4c775708
MassLogger
+ 2'190 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
ransomware spyware stealer family:masslogger
Link:
https://tria.ge/reports/200626-x76zmnrs3s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
Drops startup file
UPX packed file
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 8eb48dc7cab80734e38199367de43421aebe7c92e036e056c9f7ce69378eef43

MassLogger

Executable exe 296b2d6c24dd68f7a59ea4388d979bba6572c288ab891cd35ec81e56c602318d

(this sample)

  
Dropped by
MD5 1b0410371ef6b8fa294ab12e2ed92028
  
Dropped by
SHA256 8eb48dc7cab80734e38199367de43421aebe7c92e036e056c9f7ce69378eef43
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/14559/

Comments