MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79a191033da8c7040b19ef97042dcef88669f15b784d881cbb5b8ace51cf26ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 79a191033da8c7040b19ef97042dcef88669f15b784d881cbb5b8ace51cf26ce
SHA3-384 hash: cd0011a5a68be4e58153655f44051786a0a3878125105dbdb6f3e6d22ac66978d1557495e0b738b23ddff60d68919d27
SHA1 hash: e38390915e3232d58a9d45f005138aee5a50bf90
MD5 hash: 0957815e3c25df29b10829b92545ebfe
humanhash: burger-lake-two-spring
File name:YuuvsiGnwGYPy3O.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:877'056 bytes
First seen:2020-05-19 14:23:49 UTC
Last seen:2020-05-19 14:54:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:fMoRubKyQRTyJ3wRoBY8Spe+5ANd/hWXPOBVqao6RfqM7ALFZyyUfv8ccIIOAxp6:fQ+ywRpjbOh+OBkkRfqhJ8Up+zfX
Threatray 447 similar samples on MalwareBazaar
TLSH A515121332B88F1AD5BFABF02970805053723A7725A2E79C5EF4A4DC2772B414A527B7
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: premium37-1.web-hosting.com
Sending IP: 198.54.114.243
From: Efficacy.co <bunmi.oyemade@efficacyconstruction.com>
Subject: PURCHASE ORDER
Attachment: PURCHASE ORDER.rar (contains "YuuvsiGnwGYPy3O.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.InjectNET.14.14269.6119.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 15:17:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pgqzcaz5vddqicyz56lqiloo7cdgt4k3pbgyqhf3lofm4uope3ha._file
Verdict:
malicious
Similar samples:
0eaa7e8f673add2154bdd6902103b235d4729a36dc53c5a3c660356dd0152e3d
MassLogger
1793f187d699d6b5eac0451dc8740943f1622a4ce989e7d8d03fef4976564b1b
MassLogger
1b4dea59e406d410a3d0d1ea8245c339fa8f5eb925f1378a09b0ee812c06508e
MassLogger
2c6acd5aa7ce2eaff49cad6dd4168715e344888dcae66b35d7c6af6729a7952e
MassLogger
3da52257d2bf11ec3b3616e8a3c5891d2c2fcf1c2195f8b3f083175da57d2eb2
MassLogger
5832c5ab1d0aedc5c36d6f3146826dd3570c8b7c8434120dfc1972631e54f533
MassLogger
65e49a29cdfa1f1f91d5a59354ce7920a03b4aaddc0e26a3b002985d57388ea8
MassLogger
a2c284a50d4fc05794e3bce123492bd9e547b272d9f7b87832fdc72b681580e7
MassLogger
ba123e2be2891c5decb58c5f87b722e363a86679d7823bc01f93cf58f1c8973a
MassLogger
ca6c6262134182f4bc6367855eaf6a390bf9f3a1b95e7238f3480dfe8baf50db
MassLogger
+ 437 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
coreentity rezer0 family:masslogger ransomware spyware stealer
Link:
https://tria.ge/reports/201109-1hwbxfp3ca/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
rezer0
CoreEntity .NET Packer
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 8484bbbee955599bc3de976f3ba8121209931b86f1867c7202b64e22f77087c4

MassLogger

Executable exe 79a191033da8c7040b19ef97042dcef88669f15b784d881cbb5b8ace51cf26ce

(this sample)

  
Dropped by
MD5 eb216972dbd791e896b580b15e19a845
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8484bbbee955599bc3de976f3ba8121209931b86f1867c7202b64e22f77087c4

Comments