MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55ebe7258f8c713648707d2f23ac07cda79caedfe130c7cb42c7abb54e4cd9b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55ebe7258f8c713648707d2f23ac07cda79caedfe130c7cb42c7abb54e4cd9b9
SHA3-384 hash: 682c00bcff7073c4f55fbf4306472551bd228d2dde7961f811055fc13958f37dbd57c38808ac3d26933d45bf00c35801
SHA1 hash: 493c308b4306d318001934736f5e8ffd6dd50ed7
MD5 hash: 7dec0bc40db4c5faa03dc6e575ea8042
humanhash: east-dakota-nebraska-wolfram
File name:Профт Групп Россия - Запрос клиента 0013709 - SKBMT-07-30-2020-115-img00251.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'769'984 bytes
First seen:2020-07-30 07:22:17 UTC
Last seen:2020-07-31 08:58:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 33c4c1ecaebedc6a45bb94a4231a102b (1 x MassLogger)
ssdeep 24576:i1OANT7yHedXZrpdSdwwDtrmwRo1Q7josQsCprQiat+4:iRRrddpdSdvDtrmmC+T1
Threatray 754 similar samples on MalwareBazaar
TLSH 12857D6DBE44F545FE80443BBA04D2CA24197A35D41D29C33B81BF6F7CB2279AE16E06
Reporter abuse_ch
Tags:exe MassLogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/35344/
Detection(s):
SecuriteInfo.com.FileRepMalware.19645.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Deleting a recently created file
Running batch commands
Launching a process
Creating a window
Sending an HTTP GET request
Using the Windows Management Instrumentation requests
Reading Telegram data
Creating a file
Reading critical registry keys
Moving a recently created file
Deleting of the original file
Result
Threat name:
MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/403258
Signature
Deletes itself after installation
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Machine Learning detection for sample
May check the online IP address of the machine
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to steal Mail credentials (via file access)
Yara detected MassLogger RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55ebe7258f8c713648707d2f23ac07cda79caedfe130c7cb42c7abb54e4cd9b9/
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-07-30 07:24:07 UTC
File Type:
PE (Exe)
Extracted files:
516
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kxv6ojmprrytmsdqpuxshlahzwtzzlw74eymps2cy6v3ktsm3g4q._file
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
4af92bdbce17e818adde9230fa30cd889bcb7e8f1a4d26742b5957bf1e8e6301
MassLogger
4b9f712433c48ac510be9620a98f09883e4c363c2c265c3534a381c3cc17b932
MassLogger
61b48926bb6bbe4e308cf6e2c48345f50d2bda94f501915bd00a3139f9808e10
MassLogger
a3e157d0b718a7cc0ab1127dd839a3ddac22e87cfd500961ae1698f1693dbc0c
MassLogger
c3a8830187f24899610607a4537fc6615cd46a640cd01f4abc0577f6a3edf894
MassLogger
ccbd3a0bf6f5ee155b8a270c65376ddf83f220dd044b44f7debebb3f76fecbca
MassLogger
d2eb3673cff0d4842a5282e28730892ce137f5477428da579073c99324482fa1
MassLogger
d6f0e1365d769f70ace2165f7f38917d65bc8d404f9a03f22db289d9de36e9a4
MassLogger
dfc8f0a7456a2b40908d901c2468d372bd859abda04e50ef4cf45ec84668cdcb
MassLogger
f1c93bdb155ad5dd296ac6a83dba574df3c48c72409d9bf304e079d0c7e90b2a
MassLogger
+ 744 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200730-8gaz2v5hzj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/55ebe7258f8c713648707d2f23ac07cda79caedfe130c7cb42c7abb54e4cd9b9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/35344/

Comments