MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 420da876f8efdf70da0ec0ccd1b7aaa09547b6868d5fc655c05b50eadf20c360. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 6



SHA256 hash: 420da876f8efdf70da0ec0ccd1b7aaa09547b6868d5fc655c05b50eadf20c360
SHA3-384 hash: 63e240d96ac3530f5af2d2c01890d0fc6d8a2da6a6a7c913b443d760f0c5f5516906d2a5e191941164c63aee9a173200
SHA1 hash: 85b71070f258dce1b5f92ea4aaa117419f6b8828
MD5 hash: 243a515982e6eba872d6366ec71d63b6
humanhash: cold-purple-oklahoma-louisiana
File name: doc07675720200626101857.exe
Signature: MassLogger
File size: 952'832 bytes
First seen: 2020-07-08 09:57:16 UTC
Last seen: 2020-07-08 11:14:15 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c6558f8c55c7046860294c7f6ce6c298 (14 x AgentTesla, 5 x FormBook, 3 x Loki)
ssdeep: 24576:C14/oDnsUgk6Y5f2609u8TwYVC5e92Dwfx:CGeUkfbEu8TwYv2Dwp
Threatray: 2'129 similar samples on MalwareBazaar
TLSH: C415CF22F2A04477F16216399C5BD6BC5836FE103929DA472BE47D0C9FF5281386B2B7
Reporter: cocaman
Tags: exe MassLogger

Intelligence


File Origin
# of uploads: 2
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Using the Windows Management Instrumentation requests
Creating a file
Reading Telegram data
Reading critical registry keys
Moving a recently created file
DNS request
Sending a custom TCP request
Deleting a recently created file
Setting a global event handler for the keyboard
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-08 09:59:06 UTC
File Type: PE (Exe)
Extracted files: 62
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: masslogger
Score: 10/10
Tags: spyware stealer family:masslogger
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
UPX packed file
MassLogger log file
MassLogger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe 420da876f8efdf70da0ec0ccd1b7aaa09547b6868d5fc655c05b50eadf20c360

(this sample)

Comments