MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ae8eb9d4bc0b3f87a57648f25938b346986101428a5ed2a3f6c6d68bd5f5b4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	3ae8eb9d4bc0b3f87a57648f25938b346986101428a5ed2a3f6c6d68bd5f5b4d
SHA3-384 hash:	7d93dd3e1b99e9f9740c80dfd7c8c30eb185fea6223332d81d7bfe1bb6921a7f5f5871e46d29164fc4727a5368fba504
SHA1 hash:	636738162a4b5d516c15689152a93dcb4475cef1
MD5 hash:	e9be709ac260b6fee77c32cecdea793b
humanhash:	indigo-south-october-ohio
File name:	PO457812.exe
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	1'000'960 bytes
First seen:	2020-07-09 13:36:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep	24576:9LTESRpzD6fzASC49bQ64myvHO2Gs/jMAXL+CRYaZ:9LwSH+fzVT4mWHl/wAXL+C1Z
Threatray	2'043 similar samples on MalwareBazaar
TLSH	A02523B6F14C0EB7CA384AF96861A0044FF4594721E9F6D96D8A31DC18F9FD86D00ADB
Reporter	James_inthe_box
Tags:	exe MassLogger

Intelligence

File Origin

# of uploads :

1

# of downloads :

73

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3ae8eb9d4bc0b3f87a57648f25938b346986101428a5ed2a3f6c6d68bd5f5b4d/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2020-07-09 02:02:38 UTC

File Type:

PE (.Net Exe)

Extracted files:

10

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hluoxhklycz7q6sxmshsle4lgruymeaufcs62kr7nrwwrpk7lngq._file

Verdict:

malicious

Similar samples:

1c2f10aaf4e8b9a9e90316e8b470616bac893609cd85374cb11bb4a1a3971e5b

1debc399539d6dddfa7522dbf42b2ade7d0e56179588fae9f144301a84629e50

408cd033f668e95e4e65ea4ef406d63910b7b04158efa491ed704196a2a5063a

4ff6913b35226527d4bb0bd458d326ad3d1bdd50b90aaac6d4eae1f7f43922c1

51e016d7614461f51389151f4dce30de7db0945f781b4d7d6ec6ab1ef97935fa

68127a3666833ba7ab999e65ed3c94b02f6fded7b3d468cecc3895ef340ef833

775cbf86bee09ee9b8024f2d8da2ce47cbfc29d2a907df7387bc87fbfae40dcd

7d3068aff051388b3332905ca9a26a10a1cd96441e3be9d908cd839088cc9d65

a4d4f50a2dff36ea8d3f92a832578a875c3f6a3ce227f1263114bf9dcbe9e335

c4031838bc163076ff2845546cad4c409d9cec8a2100d78d4ea1ea75579f7c37

+ 2'033 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

ransomware spyware stealer family:masslogger

Link:

https://tria.ge/reports/200709-r1mnxng5d2/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

Suspicious use of SetThreadContext

Looks up external IP address via web service

Maps connected drives based on registry

Reads user/profile data of web browsers

Checks BIOS information in registry

Looks for VMWare Tools registry key

Looks for VirtualBox Guest Additions in registry

MassLogger

MassLogger log file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/23824/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample