MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94581916a6f0f8c4c0e9238fb1ec9ee8f44035e750f7a41115e68ebe526e6ee4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	94581916a6f0f8c4c0e9238fb1ec9ee8f44035e750f7a41115e68ebe526e6ee4
SHA3-384 hash:	f5b90905e58496b5a213eadb058318a528c6f872d74296ad159078e8116ff898fa5473a402958c314f9329ff8b23d753
SHA1 hash:	81bc508a6e1398ec740ae45b8d4f853b1d869ac7
MD5 hash:	7f3ba6e9f7345824bf17a266ed280ca4
humanhash:	oven-pennsylvania-lactose-lake
File name:	New P.O#270520.exe
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	800'256 bytes
First seen:	2020-05-27 17:47:10 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	24576:wtcKoebJrYeleyXTVdVgKi0w3onzLd6D1X8efAQ0VLlikGY:QcK1BbXjiB3gfdoX8pQ0V8FY
Threatray	472 similar samples on MalwareBazaar
TLSH	1C0523082E256306D6364A77B4F0189017B87459112AEECD5F88B9EEF14F386BB90D7F
Reporter	abuse_ch
Tags:	exe MassLogger

abuse_ch

Malspam distributing MassLogger:

HELO: europeantraders.com
Sending IP: 103.147.184.73
From: info1@europeantraders.com
Subject: P.O For Our Revised Order!
Attachment: New P.O270520.rar (contains "New P.O#270520.exe")

MassLogger SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin

# of uploads :

1

# of downloads :

76

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.BehavesLike.Win32.Generic.fc.4709.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Com

Status:

Malicious

First seen:

2020-05-28 01:42:43 UTC

AV detection:

25 of 31 (80.65%)

Threat level:

2/5

Verdict:

malicious

Similar samples:

21178d3dc240fc60a328a125280b58e073cd8cb677553cc867a62fcdceca210f

4b675daa6c54e06962ef1162fd7fe105fe9e76193626ec451dda29081cab3582

4d47d2e29b7056f1d96947436ffc1eb030102f1b4b949d7708d33e77a321a831

5c826e35fe48ce5410e9c553242a83e71b2408a57d3256bcd0bd4334412010b0

5cc2da9649ceac73f18ef6fe03add950641f8ccf871d325144628595f83f4da1

8b21c06bf03c5f788bb0354c625f343873bc834ac43b1d8fbc469fd64f215cf6

9c5b8535e2ac554768c5cfc3d655a3aed7647fe2280e66161a516296eb5a5918

ae827e126c9f242564090fd5cb50ab392d61eae0f8dc1d43654bcb16aeeadc2e

c16e569fe7d77436566b268fab7037ab71efb99a5108aa452602479267508305

f937bbe27c6d52452a121bc9aa320c26ae7eada7cadc9dda0fafc2c6b1bd5818

+ 462 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

family:masslogger coreentity ransomware rezer0 spyware stealer

Link:

https://tria.ge/reports/201109-x2alabhn5x/

Behaviour

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Reads user/profile data of web browsers

rezer0

CoreEntity .NET Packer

MassLogger

MassLogger Main Payload

MassLogger log file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 5eeb801516053f1e6783ab52dc4b9f1c0e6d7154f2f5f9dea3593e93ef3ea696

exe 94581916a6f0f8c4c0e9238fb1ec9ee8f44035e750f7a41115e68ebe526e6ee4

(this sample)

Dropped by

MD5 fbf5e003a88485ddd3c39cef433953cb

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 5eeb801516053f1e6783ab52dc4b9f1c0e6d7154f2f5f9dea3593e93ef3ea696

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample