MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f8324aa2244c6ecc4369ef6e5ea25b405ecf48aef96e34cc04c56f6ad240ade. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 8f8324aa2244c6ecc4369ef6e5ea25b405ecf48aef96e34cc04c56f6ad240ade
SHA3-384 hash: f01e01dc8577ee9905763053707392c87073e817f2286c3274f67b5313e0a2e00141d1a2121ef3b6d8e0216525bc85c6
SHA1 hash: b0b33d8d031fa4a5d8a45bf2ed37183e4c5fccda
MD5 hash: cdf6c228fdadc71c3d1765cb110eca43
humanhash: solar-alpha-failed-kilo
File name: hoga.exe
Signature: MassLogger
File size: 1'256'960 bytes
First seen: 2020-07-31 10:35:20 UTC
Last seen: 2020-08-02 07:34:47 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 24576:zTNdTnCFlfsV4Pfqtotowi1ZW1D1h0z6gik9nYYRkJkz:zCFlfvIw4MD/0egik9Y3S
TLSH: 3845CF093511C443D2993D31C8AE1F5447A89EAD3643EB27BD5A332BFEA1FE95C021E9
Reporter: @abuse_ch
Tags: exe MassLogger


Twitter
@abuse_ch
Malspam distributing unidentified malware:

HELO: gasteev.com
Sending IP: 37.49.224.121
From: Jarmila Vymazalová <info@gasteev.com>
Subject: ČOV Vinařice HYDRO order lists
Attachment: scan 0003.xlsm

Unknown payload URL:
https://www.sol-u-ink.com/look/hoga.exe

Intelligence


File Origin
# of uploads: 3
# of downloads: 29
Origin country: CH
Mail intelligence
No data
Vendor Threat Intelligence
Result
Threat name: MassLogger RAT
Detection: malicious
Classification: troj.evad
Score: 64 / 100
Signature
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Yara detected MassLogger RAT

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-31 10:37:05 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash

Threat name: Malicious File
Score: 0.75

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe 8f8324aa2244c6ecc4369ef6e5ea25b405ecf48aef96e34cc04c56f6ad240ade (this sample)
