MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10ce810ff5f578bf483fc683d4b830d50f4bf58355255d382e22d3c8d2407054. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 11

SHA256 hash: 10ce810ff5f578bf483fc683d4b830d50f4bf58355255d382e22d3c8d2407054
SHA3-384 hash: 31b02788ff3f8e4dd38a35f4f1bc4cf6f19c6b851db47c68e8f8a339301898fd8c39794bd205258c5f37ebe27fb11f7f
SHA1 hash: de171247570b719b6daa955e6d74baf2e4ba6db7
MD5 hash: e3f1a6ef1101aa4fae208dea686c518b
humanhash: nebraska-robin-coffee-october
File name: Ggaygtiujst.exe
Signature: MassLogger
File size: 1'216'512 bytes
First seen: 2022-11-03 07:17:01 UTC
Last seen: 2022-11-03 09:26:07 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 24576:vRNKbJGctTg0JdaLiDsPSAeYCHZlLV15jxb9xi8YmVolOqpYT:vRgov0JciDgOxV15NhemOt+
Threatray: 2'847 similar samples on MalwareBazaar
TLSH: T1994533918F3D98FADA3447B1B8E305CC52C18EA4EDC79DE56EA4ADCE37E45853A12070
TrID: 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
      12.2% (.EXE) OS/2 Executable (generic) (2029/13)
      12.0% (.EXE) Generic Win/DOS Executable (2002/3)
      12.0% (.EXE) DOS Executable Generic (2000/1)
dhash icon: e0c8cec6c6c6c0e0 (3 x BlackGuard, 3 x Formbook, 2 x MassLogger)
Reporter: cocaman
Tags: exe MassLogger
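Before handling a file obtained from this entry (or from anywhere else claiming to be this sample), confirm it is the object described here by recomputing every published digest. The following is an added example in Python, not MalwareBazaar's own code. The hash values and the file size are transcribed from the entry above; the bytes hashed when the script is run without an argument are constructed stand-in data and are not the sample.

```python
"""Check a local file against the hashes published for this MalwareBazaar entry.

Added example, not MalwareBazaar code. ENTRY is transcribed from the entry above;
the demo input used when no path is given is constructed and is NOT the sample.
"""
import hashlib
import io
import sys
from typing import BinaryIO

# IOC record transcribed from the entry.
ENTRY = {
    "sha256": "10ce810ff5f578bf483fc683d4b830d50f4bf58355255d382e22d3c8d2407054",
    "sha3_384": "31b02788ff3f8e4dd38a35f4f1bc4cf6f19c6b851db47c68e8f8a339301898fd8c39794bd205258c5f37ebe27fb11f7f",
    "sha1": "de171247570b719b6daa955e6d74baf2e4ba6db7",
    "md5": "e3f1a6ef1101aa4fae208dea686c518b",
    "size": 1216512,
}

# Expected hex-digest lengths: a transcription error shows up here before any
# file is read.
DIGEST_LEN = {"sha256": 64, "sha3_384": 96, "sha1": 40, "md5": 32}
HEX = set("0123456789abcdef")


def validate_record(rec: dict) -> list[str]:
    """Return the problems found in an IOC record (empty list means well-formed)."""
    problems = []
    for algo, length in DIGEST_LEN.items():
        value = rec.get(algo, "")
        if len(value) != length:
            problems.append(f"{algo}: expected {length} hex chars, got {len(value)}")
        elif any(c not in HEX for c in value):
            problems.append(f"{algo}: non-hex characters")
    if not isinstance(rec.get("size"), int) or rec["size"] <= 0:
        problems.append("size: missing or non-positive")
    return problems


def digest_stream(fp: BinaryIO, chunk: int = 1 << 16) -> dict:
    """Read the stream once and feed every digest from the same chunks."""
    hashers = {
        "sha256": hashlib.sha256(),
        "sha3_384": hashlib.sha3_384(),
        "sha1": hashlib.sha1(),
        "md5": hashlib.md5(),
    }
    size = 0
    while True:
        data = fp.read(chunk)
        if not data:
            break
        size += len(data)
        for h in hashers.values():
            h.update(data)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["size"] = size
    return out


def digest_bytes(data: bytes) -> dict:
    return digest_stream(io.BytesIO(data))


def compare(observed: dict, rec: dict = ENTRY) -> dict:
    """Per-field match flags; every flag True means the file is this entry's sample."""
    return {k: observed[k] == rec[k] for k in ("size", "sha256", "sha3_384", "sha1", "md5")}


def matches_entry(data: bytes, rec: dict = ENTRY) -> bool:
    return all(compare(digest_bytes(data), rec).values())


if __name__ == "__main__":
    if validate_record(ENTRY):
        sys.exit("bad IOC record: " + "; ".join(validate_record(ENTRY)))
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(compare(digest_stream(f)))
    else:
        # Constructed stand-in bytes (a bare MZ header padded to 512 bytes), not the sample.
        print(compare(digest_bytes(b"MZ" + b"\x00" * 510)))
```

Run it with a path to print the per-field match table; a size mismatch alone is enough to stop and re-check the download, since a file of a different length can never reproduce the published SHA256.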

Intelligence


File Origin
Uploads: 2
Downloads: 185
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: Ggaygtiujst.exe
Verdict: No threats detected
Analysis date: 2022-11-03 07:19:33 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour
Unauthorized injection to a recently created process
Creating a file
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Creating a file in the %temp% directory
Reading critical registry keys
Stealing user critical data
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable: found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: evad.spyw
Score: 100 / 100
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Costura Assembly Loader
Threat name: ByteCode-MSIL.Downloader.Seraph
Status: Malicious
First seen: 2022-11-02 01:18:32 UTC
File Type: PE+ (.Net Exe)
Extracted files: 3
AV detection: 22 of 41 (53.66%)
Threat level: 3/5
Result
Malware family: n/a
Score: 7/10
Tags: collection spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Checks computer location settings
Reads user/profile data of web browsers
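The behaviours reported above (a recently created process being injected into, WriteProcessMemory followed by SetThreadContext, and in the signature section WMI queries against Win32_Bios, Win32_BaseBoard and Win32_DiskDrive) are patterns a triage script can pick out of an API-call trace rather than something only a full sandbox can judge. The following is an added example, not code from any of the sandbox vendors and not the sample's own logic: it looks for the ordered suspended-create / write / SetThreadContext / ResumeThread sequence against one child (the sequence commonly associated with process hollowing) and for WQL queries against VM-fingerprinting classes. The trace record layout (pid, api, args) and the trace itself are constructed for the example.

```python
"""Score an API-call trace for the injection sequence and VM-check WMI queries
reported for this sample. Added example; the trace format and TRACE are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Call:
    pid: int                 # calling process
    api: str                 # Win32/COM API name as a sandbox would log it
    args: dict = field(default_factory=dict)


CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*
INJECT_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")
VM_FINGERPRINT_CLASSES = {"win32_bios", "win32_baseboard", "win32_diskdrive"}

# Constructed trace (hypothetical pids and a hypothetical image name): pid 100
# creates a suspended child 200, writes into it, rewrites its thread context,
# resumes it; the child then queries WMI hardware classes.
TRACE = [
    Call(100, "CreateProcessW", {"image": "child.exe", "flags": CREATE_SUSPENDED, "child": 200}),
    Call(100, "WriteProcessMemory", {"target": 200}),
    Call(100, "WriteProcessMemory", {"target": 200}),
    Call(100, "SetThreadContext", {"target": 200}),
    Call(100, "ResumeThread", {"target": 200}),
    Call(200, "IWbemServices::ExecQuery", {"wql": "SELECT * FROM Win32_Bios"}),
    Call(200, "IWbemServices::ExecQuery", {"wql": "SELECT * FROM Win32_DiskDrive"}),
    Call(200, "IWbemServices::ExecQuery", {"wql": "SELECT Name FROM Win32_Process"}),
]


def find_hollowing(trace):
    """(parent, child) pairs where a suspended child receives, in order, a write,
    a SetThreadContext and a ResumeThread from its creator. Extra writes are
    tolerated; any other ordering does not count."""
    progress = {}   # (parent, child) -> index of the next expected step
    hits = []
    for c in trace:
        if c.api.startswith("CreateProcess") and c.args.get("flags", 0) & CREATE_SUSPENDED:
            progress[(c.pid, c.args.get("child"))] = 0
            continue
        key = (c.pid, c.args.get("target"))
        if key not in progress:
            continue
        if c.api == INJECT_STEPS[progress[key]]:
            progress[key] += 1
            if progress[key] == len(INJECT_STEPS):
                hits.append(key)
                del progress[key]
    return hits


def find_vm_queries(trace):
    """(pid, class) for WQL queries whose FROM class is a VM-fingerprinting class."""
    out = []
    for c in trace:
        tokens = c.args.get("wql", "").lower().split()
        if "from" in tokens:
            i = tokens.index("from")
            if i + 1 < len(tokens) and tokens[i + 1] in VM_FINGERPRINT_CLASSES:
                out.append((c.pid, tokens[i + 1]))
    return out


def score(trace):
    """Weights are illustrative: an injection chain outweighs a single WMI probe."""
    hollow = find_hollowing(trace)
    vm = find_vm_queries(trace)
    return {"hollowing": hollow, "vm_queries": vm, "score": 5 * len(hollow) + 2 * len(vm)}


if __name__ == "__main__":
    print(score(TRACE))
```

The matcher keys on the (creator, child) pair so that unrelated WriteProcessMemory calls to other processes, or a ResumeThread that arrives before the context change, do not complete the chain; that is the difference between "uses WriteProcessMemory" (which legitimate debuggers and installers do) and the specific hollowing order.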
Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
SHA256 hash: 10ce810ff5f578bf483fc683d4b830d50f4bf58355255d382e22d3c8d2407054
MD5 hash: e3f1a6ef1101aa4fae208dea686c518b
SHA1 hash: de171247570b719b6daa955e6d74baf2e4ba6db7
These are the same hashes as the submitted file; no distinct unpacked payload is recorded in this entry.
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Signature: MassLogger
File: Executable exe 10ce810ff5f578bf483fc683d4b830d50f4bf58355255d382e22d3c8d2407054 (this sample)

Comments