MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abe23e12f4aa1f3e0b9ea3777ffaaf4fdcf9ccb21e7331b32d20bfa3a511f6c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: abe23e12f4aa1f3e0b9ea3777ffaaf4fdcf9ccb21e7331b32d20bfa3a511f6c7
SHA3-384 hash: a490631330395789d963ca48608707380e04d7a2074ac9347fc8b6599692227f367714d16c758005b57a2bf8e81344fd
SHA1 hash: a5b27394da0c8afffbc4dfa4a734db62917b9fae
MD5 hash: 504fd653e392b36a4f829f583d8e5f29
humanhash: bravo-ceiling-purple-mountain
File name:#gfe00620.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'175'040 bytes
First seen:2020-06-29 12:44:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:xJp4ZzH+q2hDKaGehE/l6oUYabsWf1GvwCI6L+9pqGS2/DUzuz7FQlVy1o0ByL:1CHoF366oqX9bCI/l/DUYQlVy16L
Threatray 2'399 similar samples on MalwareBazaar
TLSH 8C4528413EB0CC12D89A12B094147EEB1D3D7D43E4E5E16BBA623AA471725BFE5B8C0D
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: smtp-out33.welcomeitalia.it
Sending IP: 46.44.253.77
From: n.vasili@gfe.it
Subject: RE: #GFE 00620 ORDER.
Attachment: gfe00620.z (contains "#gfe00620.exe")

MassLogger SMTP exfil server:
mail.mytravelexplorer.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/16301/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/abe23e12f4aa1f3e0b9ea3777ffaaf4fdcf9ccb21e7331b32d20bfa3a511f6c7/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 12:42:29 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vprd4exuvipt4c46un3x76vpj7opttfsdzztdmznec72hjir63dq._file
Verdict:
suspicious
Similar samples:
0557646805d712ca2f91d47d8cb95a292b611886903e6824f3948182228ef750
MassLogger
1e6d5a6bbf1f99d4fa6407fa70c5efbed9a7cd1486085c4bb6b213753bb0dbfe
MassLogger
3e57aaffcd5dfe4c6487c73f7c457865405070f276efab07164f30be4741e733
MassLogger
48911ded8eb1be557009ec74a427c92481389c32e01c8a1c8935aa8db52bb558
MassLogger
48cad358250f70cffecaed785f4d128f48174adc0ee5948e00ab1b6ffbef803c
MassLogger
81ae80d0dc7e949cd78a6b555c1b08ebd8ec89ecf9847f3d1c0d9790b11be355
MassLogger
ddb56cadf564aac028ed312fb7ddb378d1951c2c8ed1a12e43f7e92d29843a08
MassLogger
e7acb91c1fe721b5a2cb5dcae27e69d1ce575cf19a0d929fe6b6ff9b81ebdf9b
MassLogger
eb3d6a6bfec90855240b6e239a10d283ecf13b118e9b769e2f4100b3eec76a12
MassLogger
f0006593faf51305737fab3e4aa62f4ead00200011ca09375ae438e04953859e
MassLogger
+ 2'389 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
ransomware stealer spyware family:masslogger
Link:
https://tria.ge/reports/200629-7zpz9ndl7a/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:masslogger_gcch
Create hunting rule
Author:govcert_ch

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

z 8e546ae154b894d1991067c359964444191094c1816ff659f126c3bee170c56f

MassLogger

Executable exe abe23e12f4aa1f3e0b9ea3777ffaaf4fdcf9ccb21e7331b32d20bfa3a511f6c7

(this sample)

  
Dropped by
MD5 479bb71ed384cc4d6bbb126d6f616730
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8e546ae154b894d1991067c359964444191094c1816ff659f126c3bee170c56f
Cape
Cape
https://www.capesandbox.com/analysis/16301/

Comments