MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9300260a0aa311aa5e53e3c015ba7c63bb52ccb40c9841d4f566a6019143257d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9300260a0aa311aa5e53e3c015ba7c63bb52ccb40c9841d4f566a6019143257d
SHA3-384 hash: 3761e523cc67c1b32a3136a0ec8df131435a09561ea47b660b8129e4e1eabca625c0727ad4bd92d910661e593925e0be
SHA1 hash: 0c9ea2d1c5c0254a278940c3b5ca7c25942b50fb
MD5 hash: f199ca0e897812a4218b91a293a7656b
humanhash: pasta-north-mockingbird-sad
File name:No42113-No42114.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:944'640 bytes
First seen:2020-06-10 10:32:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:Tv68+CtcjMW/2bYTZc553ZVuogmRwNosCKS9j:Tv/+5AtYTZIfVuogevsX
Threatray 7'661 similar samples on MalwareBazaar
TLSH 1515F1887200B2DFC867DC72CAA92C60ABA06567531BD247A41712ED9E0E7D7CF146F7
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: aena.com
Sending IP: 37.49.224.134
From: Laura Esquivel Perez <lesquivel@aena.com>
Subject: New PO No42114 & No42114
Attachment: PO No42113-No42114.rar (contains "No42113-No42114.exe")

MassLogger SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WGM.20749.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 10:34:10 UTC
AV detection:
26 of 30 (86.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=smacmcqkumi2uxst4pablot4mo5vftfubsmedvhvm2tadekdev6q._file
Verdict:
malicious
Similar samples:
083c70afde1be48426ebcf28eacfa0cd47f96130790b79f5a367ae6b00eab142
MassLogger
162a5aa5e6e0298edbae1a494d2a3e177f0fb42b1c2e35eaecdbe1715d519694
MassLogger
21cf18a3f7318d77dbab369b9095a9f18a5e46b6b99608d5a3d69c3ecd70be06
MassLogger
2e38449ec685638089e3863a2c03ba15c8b18b16f9e75ec869a4b87c34aabd28
MassLogger
550d444c7b624a375c46ad2eeceb270583137825a63224727aa70b8cc14cdd93
MassLogger
5caa7e9eb486ca9161d410e9fe1dc4074c3b0c66f8d6cd05ab5ae6dd35837c5a
MassLogger
9b5b44ded4ede28d92834c4db286780a5628d02597a739ff3633f808d47f0939
MassLogger
a4cebe4913d275f7387b8d8b2acb7d76324550746e8802f28d432a15d3608194
MassLogger
c5e0aca5108536d030a5ca781ae1610f8868d67082e35bf3ba3123f333dd27a3
MassLogger
cd84429e1881bd2029dc69963d9fd46049b11c50e2af7b8aae34ec877dda42e9
MassLogger
+ 7'651 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger ransomware rezer0 spyware stealer
Link:
https://tria.ge/reports/201109-sk7vrz12p6/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Reads user/profile data of web browsers
ServiceHost packer
rezer0
MassLogger
MassLogger Main Payload
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:masslogger_gcch
Create hunting rule
Author:govcert_ch

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar ca144462b30d41d857bf6e92ab7970b22ec69ec6301aaeca6d114c624bebeb08

MassLogger

Executable exe 9300260a0aa311aa5e53e3c015ba7c63bb52ccb40c9841d4f566a6019143257d

(this sample)

  
Dropped by
MD5 913b11559bcb1d4763a653741472c81e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ca144462b30d41d857bf6e92ab7970b22ec69ec6301aaeca6d114c624bebeb08

Comments