MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ce259abdca64cabc5ac51d1810ccff6a02fed247f4e65884d4fa4d23f18e086. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	3ce259abdca64cabc5ac51d1810ccff6a02fed247f4e65884d4fa4d23f18e086
SHA3-384 hash:	784a5b9e07001aea2d8cca6e8058b970cfdb2342e73f629f42148fb0c18c4775a27b340180abf392ae64125ac8e6d9cf
SHA1 hash:	24bddc3fee66de67a6db095ed22033af895e7b41
MD5 hash:	aff458f89b918aca8c12c638ce8fece2
humanhash:	pluto-high-nevada-double
File name:	kesh.exe
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	1'359'872 bytes
First seen:	2020-06-22 19:25:06 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	7a3b36319e10a182a46078ebecd565ef (13 x AgentTesla, 4 x HawkEye, 4 x Loki)
ssdeep	12288:3GeRii6YfY4FBgEMo+3z9SFnbHhnmju5h3L4aX12/oBMI+lwp9Lj+I4YrYV44N5G:2LLv4fH02bcjuPb4XHwpRrk08SlH
Threatray	2'085 similar samples on MalwareBazaar
TLSH	E455D062E2D07C33CCEF15788C3B96779D29BD10292C69461BECFC68FE292593425297
Reporter	cocaman
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

83

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/12729/

Detection(s):

SecuriteInfo.com.Win32.Herz.B.7193.27524.UNOFFICIAL

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3ce259abdca64cabc5ac51d1810ccff6a02fed247f4e65884d4fa4d23f18e086/

Threat name:

Win32.Infostealer.Fareit

Status:

Malicious

First seen:

2020-06-22 14:20:52 UTC

File Type:

PE (Exe)

Extracted files:

299

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=htrftk64uzgkxrnmkhiycdgp62qc73jep5hglccnj6snepyy4cda._file

Verdict:

malicious

Label(s):

hawkeyekeylogger

Similar samples:

0f40a48444a9c944c02ea8e4917d11b5ece5145c66ba04c3879cbd02396fe68c

2a00c8f1e74ad67fbd46cb64e3af0cbe77f56f99b7b2f8856703d4a0e2bfa7da

44b3b23719518dc900b8fa3cbc83c5f34ee16c2705b27363a179da16127afca9

86bc0c5164d1c38fc8387d4126e6cf64df14b33cb3a3df6676c26511354daf37

93d94861c9feb7b9fca386254d8ab5637cf78e4145527753fdafe7346d28fbe3

943ecaad3ff5c37496c7d5dfe7ed12037cbd178ec7eeeef6a6763024734f79e8

d757bb9a190984035e621c9be0d393a9ba6de60bca0256ad7268e68eea276cdc

d79b76944fafb851773e0ece31696056e79030cb2e61d9d9c78144d4b5a60d5b

e13ff526ce3e9f7e3684d6f6e0bd9c34d8c50dd53ed82467e672c3f622e4446f

e658ce5f2f5fcf573efe10347d409c2f3ead085da15f88b7310a2487424975e9

+ 2'075 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

ransomware spyware stealer family:masslogger

Link:

https://tria.ge/reports/200624-j7t2j7r4qs/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetThreadContext

Looks up external IP address via web service

Drops startup file

Reads user/profile data of web browsers

UPX packed file

MassLogger

MassLogger log file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 32439b531876d0d85388dd99e7693bd5557266ac6b686ee18073272acba05109

exe 3ce259abdca64cabc5ac51d1810ccff6a02fed247f4e65884d4fa4d23f18e086

(this sample)

Delivery method

Other

Dropped by

SHA256 32439b531876d0d85388dd99e7693bd5557266ac6b686ee18073272acba05109

Cape

Cape

https://www.capesandbox.com/analysis/12729/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample