MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b99de03440f57a55e0c9a269df9d79ff2214eb859361d217f76fa86579fd82df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b99de03440f57a55e0c9a269df9d79ff2214eb859361d217f76fa86579fd82df
SHA3-384 hash: 7806632eda0f2bc4c12bd88e4ad379766dcd23985abbe8373ea8298eb08f70f3ad37a9f7f5fc961dc10a767098bb40cd
SHA1 hash: 82144d010aacf4bfb024f8e9f18088a6c5895a59
MD5 hash: ca638b06171dc10092970b37aa5e1364
humanhash: jig-chicken-kansas-mirror
File name:productz list.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'063'424 bytes
First seen:2020-08-17 13:40:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'651 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 24576:7JcdCtlPnCP8yUVqxlRrKMEZG43gaoVsLk+ev:WEnCOV2irkY4+
Threatray 528 similar samples on MalwareBazaar
TLSH 2235122131D8A392C8FE1B3A186051D623F6F90AEB65DA9C7D8C119C1E63F8787527D3
Reporter James_inthe_box
Tags:exe MassLogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Ispy
Create hunting rule
Link:
https://www.capesandbox.com/analysis/47016/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Running batch commands
Launching a process
Deleting of the original file
Result
Threat name:
MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/433559
Signature
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Yara detected Costura Assembly Loader
Yara detected MassLogger RAT
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 269130 Sample: productz list.exe Startdate: 17/08/2020 Architecture: WINDOWS Score: 80 22 Yara detected MassLogger RAT 2->22 24 Yara detected AntiVM_3 2->24 26 .NET source code contains potential unpacker 2->26 28 4 other signatures 2->28 8 productz list.exe 3 2->8         started        process3 file4 20 C:\Users\user\...\productz list.exe.log, ASCII 8->20 dropped 30 Injects a PE file into a foreign processes 8->30 12 productz list.exe 2 8->12         started        signatures5 process6 process7 14 cmd.exe 1 12->14         started        process8 16 powershell.exe 19 14->16         started        18 conhost.exe 14->18         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b99de03440f57a55e0c9a269df9d79ff2214eb859361d217f76fa86579fd82df/
Threat name:
ByteCode-MSIL.Hacktool.CeeInject
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 13:39:27 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
22 of 29 (75.86%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xgo6anca6v5flygjuju57hlz74rbj24fsnq5ef7xn6ugk6p5qlpq._file
Verdict:
unknown
Similar samples:
4c8728146976e30a09321d1e158aeeb46908c54fa8614ccef7fbc9761956eca4
MassLogger
75c275e5cf07f4932978afa90c68dbd7a4fe9b12e6002e3e933f99156b137181
MassLogger
7a844a73345acfd4a047d76088829ba790ae67a7d3a3527feecb290c6dbfc3bd
MassLogger
7cfa62ab7a592f04b4268ad35e2a90739666f9d5e91eaa5808dd8ba11239f43d
MassLogger
878e1a1b65cc05eb728bf4ce85b7ad87576bbc9c8465d1348c71cef4e8c098f2
MassLogger
9d12d73cdddda4b11bbfa38b1bc056e20063a75f38decb5e8af5e6a30c078673
MassLogger
9dfba413d306830589105d96b90b5ea870b1975bd371350635ea1c2b591bcbd8
MassLogger
b2169a0b14394b89cad7d3d4092b1a3e940c4504f9e7d982ebbcfd0b8c603530
MassLogger
c3678d87151b21e6a29ded035522c1c22950f97787e45b3df2dba52a4e688c97
MassLogger
f4bf32943d6b14bf9e025c20f0fb7342982c025ba64b151687a99202091bf2eb
MassLogger
+ 518 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
ransomware stealer spyware family:masslogger
Link:
https://tria.ge/reports/200817-pvckcq17wa/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.55
Link:
https://yomi.yoroi.company/submissions/b99de03440f57a55e0c9a269df9d79ff2214eb859361d217f76fa86579fd82df

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/47016/

Comments