MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6da1c2c7bf56856758eb28da84a033c9dd734aeb7d7177a35a4ab79ccb52812b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	6da1c2c7bf56856758eb28da84a033c9dd734aeb7d7177a35a4ab79ccb52812b
SHA3-384 hash:	06e4df925ac9d93e88d6b9899a35a05b45598b50715b5124698a40d267cfebb65dec3bd6bdbe9d394ba23db729492d6f
SHA1 hash:	582108c71325b2824aeec743fa181cc883306ebc
MD5 hash:	517abd13f37d0e0194d4172e20915f17
humanhash:	seven-november-sweet-arizona
File name:	X4kfRqDLcA4KpOt.exe
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	1'160'192 bytes
First seen:	2020-06-05 06:24:38 UTC
Last seen:	2020-07-06 09:57:59 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	24576:SWEP9jVm+d7ph0Way5TBeeeJOatw9TcV8FCBW2LpGUkr:gJVm4bl7XeXwBWW2L
Threatray	2'184 similar samples on MalwareBazaar
TLSH	E235124039E8695EE73BCE7589721C105AB0785BFE17E2436D4B20DE402FF458AA4F6B
Reporter	JoulK
Tags:	exe MassLogger

Intelligence

File Origin

# of uploads :

3

# of downloads :

75

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-06-05 06:36:38 UTC

File Type:

PE (.Net Exe)

Extracted files:

1

AV detection:

13 of 48 (27.08%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=nwq4fr57k2cwowhlfdnijibtzhoxgsxlpvyxpi22jk3zzs2sqevq._file

Verdict:

malicious

Similar samples:

0cec4d3d5617d30aebf9f5742b92a035343c3ac3e55af9946d5334cf82b59381

11e2a741ad4d7a16d3abf82e41eaee55fe6dbefeabe8da0d3d67436a1e87815f

407460c7b6ddca33779fbafe8199c0aa606d3233b6d92a61b96c6a04840edec4

4fd457b5e2ff2430dbce5692ba6c47253ade9e105ffb192d01aee29d6ba7c912

6ee9c2dbb4e02add4966f1a720be2c6dd22cb0088fff92aa0e9a6b4d91e85b67

76660e5f91d840797810ff952f2d4a104a12ca0139d7d4c56b1c2cd0d2d9b57b

8f27118a7a0517e6c4d8b6cd4c4750a5c931bc0629194b331608b7109d7d202f

ac3f17465c64d5add698c45aae799dc9d0f7232959c0844e4e6c722c036379c8

d57f6bfd820c84a664edfa6d70259bf8d29763297a33e26557d0c553acd9d22e

eca1fdae380cc050ec988abc1b455a2694c0c838e90fb6d7c02806de60a54e03

+ 2'174 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

family:masslogger ransomware rezer0 spyware stealer

Link:

https://tria.ge/reports/201109-bcw6c49jjs/

Behaviour

Creates scheduled task(s)

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Checks computer location settings

Reads user/profile data of web browsers

rezer0

MassLogger

MassLogger log file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample