MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de083ffcc44c047fbf9a4938aca158f47045b9ee3ce98ce7b24202422fca3396. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	de083ffcc44c047fbf9a4938aca158f47045b9ee3ce98ce7b24202422fca3396
SHA3-384 hash:	89276f15fd576ee8d108edeafebca15e3d7c7ae8e72595336e96fd89f27f4d6574367b887f2cc3477517716f6052d953
SHA1 hash:	566257811fb1b9b99304933b10b49c74e7038bbf
MD5 hash:	2254eea10e2cb5e29c09bf28170c2e69
humanhash:	undress-william-tennis-virginia
File name:	file.exe
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	783'360 bytes
First seen:	2020-07-13 11:57:13 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:ZeF2VsPoAWnXimeXOTYpxGohNshDajJVe6jDYLJkkFnfulvvFi1:ZW2VS+XimqOcX7cEJVe6/YLJkHBti
Threatray	394 similar samples on MalwareBazaar
TLSH	7AF41291F282CCE9FC1695F16C4FDB22C1629A5E9475751E32973A28ACF334301A7B4B
Reporter	abuse_ch
Tags:	exe MassLogger

abuse_ch

Malspam distributing MassLogger:

HELO: server.asaloto.com.tr
Sending IP: 178.211.50.155
From: info@intermerkur.rs
Subject: Re: Acil sipariş talep edildi
Attachment: REQUEST FOR QUOTATION.zip (contains "file.exe")

Intelligence

File Origin

# of uploads :

1

# of downloads :

73

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.LuheFihaA.24490.8456.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a file in the %AppData% directory

Creating a file in the %temp% directory

Launching a process

Creating a process with a hidden window

Deleting a recently created file

Using the Windows Management Instrumentation requests

Creating a file

Reading Telegram data

Reading critical registry keys

Moving a recently created file

Changing the Windows explorer settings to hide files extension

Setting a global event handler for the keyboard

Enabling a "Do not show hidden files" option

Enabling autorun with Startup directory

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/de083ffcc44c047fbf9a4938aca158f47045b9ee3ce98ce7b24202422fca3396/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-07-13 11:59:06 UTC

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3yed77gejqch7p42je4kziky6ryelopohtuyzz5siibeel6kgola._file

Verdict:

malicious

Similar samples:

1b63db723d1957b88d6199fb5ea958f28de43333d2482a137c5b73b8be78a4a0

5056afb57576d4fc72369a0c11d434406085f7e62f773f3db7e297061cba717a

63b62266bd430cd093c6ee885cbe42c303536dcf223d2157188820b729f29abd

701bb7d545df1a98de90d0a414a90c7f09538fe02f32e8ffc4c6312aab8349c5

75ce329091d54aa2fcf6cd6f58704493e0f4ac878279c49db239140051341931

77ed644af65306cd4cea3eddf6019e5626fe16cbbd0f8c49d76dd21e9683ae5f

aa5bb63c10ba7512a7f1612ca4b89768023be9fe17bcdf07665ec06640ca242d

b2a788fd71a0f4b05dca86d0b8d44abd718261d0fe9cb2f6a947b87987d11cd1

bac6ef51da1ca402c3cc71dee9ea466911aa1f2d75dcf5f0b31d29ab3350e015

d12fda0c8cf02474c474c6cbeba40591ba336a7fdf8d3f164493e5f6200f77ca

+ 384 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

ransomware spyware stealer family:masslogger

Link:

https://tria.ge/reports/200713-sgnttkf7fj/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Looks up external IP address via web service

Reads user/profile data of web browsers

Modifies the visibility of hidden or system files

MassLogger log file

MassLogger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip b5a7ba91a61c390523fe58672b672a3b4d3c18237ebb640c92a58afc748773cc

exe de083ffcc44c047fbf9a4938aca158f47045b9ee3ce98ce7b24202422fca3396

(this sample)

Dropped by

MD5 930b08de967affd1e06ce6ca802d0de5

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/25294/

Dropped by

SHA256 b5a7ba91a61c390523fe58672b672a3b4d3c18237ebb640c92a58afc748773cc

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample