MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 121f9e2ca94382e2562bf30f1cc946ad1e221246ff5b7271dce48d693ec128e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 121f9e2ca94382e2562bf30f1cc946ad1e221246ff5b7271dce48d693ec128e8
SHA3-384 hash: fc45ac510144c1694812a10eb7506181725fb4ec1be950b7d53d908cdac72b3d4b4ab2bfe348a3a5e3237571b2c0cb55
SHA1 hash: 0c88c06553bc3117a7e6f68adb99f1f820ae912d
MD5 hash: 7ca2be12ff1d93475b123c77186f5121
humanhash: double-salami-south-twenty
File name:SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'878'016 bytes
First seen:2020-12-15 02:34:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:W553qXa8A+kXRWSuitwZKtecAISIxqgCa9+/eJ4mwdDsRcVUbmXjKbf/2Dtjf6+9:W556XavfuhNIQ3U8hm8sRqUwMGt++
Threatray 449 similar samples on MalwareBazaar
TLSH 8E9523312619BF62E57D5FF4E01034440F68AF27AA61E158DF9310D722EE731AB92E63
Reporter SecuriteInfoCom
Tags:MassLogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
146
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587
Verdict:
Malicious activity
Analysis date:
2020-12-15 02:37:21 UTC
Tags:
trojan stealer masslogger evasion
Link:
https://app.any.run/tasks/758c40ed-c1ac-4b72-81bc-525ae128fdb1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/108069/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/562812
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Found malware configuration
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AntiVM_3
Yara detected Costura Assembly Loader
Yara detected MassLogger RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/121f9e2ca94382e2562bf30f1cc946ad1e221246ff5b7271dce48d693ec128e8/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-09 06:26:52 UTC
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cipz4lfjioboevrl6mhrzskgvupceesg75nxe4o44sgwspwbfdua._file
Verdict:
malicious
Label(s):
masslogger
Create hunting rule
Similar samples:
13dd79b77c2ed2ba77d509e2d3b4621e83f7105674353f7e30930e07b099bce5
MassLogger
182321120c1270861876820e9413137d6c32cd8af4e6aee6cef87ee5fa236b5b
MassLogger
2222ddfcb76c8c278bbabf1b094e47950023f1319ae484d44dc502b91700db17
MassLogger
5136cc442f7ff2a99cb5c3c64c0419d23a3aba57f7389af3a758615eb8b6d26b
MassLogger
5c25185beb2246bba9f097cb915dcc1560c80527c6750d6da5737c29de2db217
MassLogger
812efd5114e9e1d9ae0898435aa593322a4ef9a39ddd1befe6fc9382ed1cfc0f
MassLogger
9cc36828708605652a9a1fc840e714b6fdaa685b9a63e0d81f49c39db35bcec1
MassLogger
b46571fd44360c7d8e9771a807c0914f419dc7dc69a43b475b537484a1aa5053
MassLogger
e666762b026d8017d202c3bf8f6b32d9a13bff5549735a93611e79b3c1a9ff83
MassLogger
f937bbe27c6d52452a121bc9aa320c26ae7eada7cadc9dda0fafc2c6b1bd5818
MassLogger
+ 439 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger spyware stealer upx
Link:
https://tria.ge/reports/201215-25hnhh2kce/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
MassLogger
MassLogger log file
Unpacked files
SH256 hash:
121f9e2ca94382e2562bf30f1cc946ad1e221246ff5b7271dce48d693ec128e8
MD5 hash:
7ca2be12ff1d93475b123c77186f5121
SHA1 hash:
0c88c06553bc3117a7e6f68adb99f1f820ae912d
Link:
https://www.unpac.me/results/a9417875-fd84-4f23-8fd2-279b31ab71f3/
SH256 hash:
c88a66cbf00b12c88e2b970b8bc220e970e8465e56098ced24e97d42be901b94
MD5 hash:
a60401dc02ff4f3250a749965097e13f
SHA1 hash:
3f22d28fd765f831084cb972a8bd071e421c26a1
Link:
https://www.unpac.me/results/a9417875-fd84-4f23-8fd2-279b31ab71f3/
SH256 hash:
51a0f27704954044807069795640c36398899ba9a9187ef7661daedec1c9d264
MD5 hash:
b13b77be67214a8fb1dccb7250d79e9a
SHA1 hash:
993fb46cf52e88a48f1280a533b842921cfadfe2
Detections:
win_masslogger_w0
Create hunting rule
Link:
https://www.unpac.me/results/a9417875-fd84-4f23-8fd2-279b31ab71f3/
Parent samples :
9cc36828708605652a9a1fc840e714b6fdaa685b9a63e0d81f49c39db35bcec1
121f9e2ca94382e2562bf30f1cc946ad1e221246ff5b7271dce48d693ec128e8
SH256 hash:
c40de44dfee522a46300558733fa2f09983106e12d27cde04ebcb721871b1f7d
MD5 hash:
246467806b72e3c0f1c53a7003c7f310
SHA1 hash:
a99c3e8bf501197b152e8d476c0bf8c29d1baea4
Link:
https://www.unpac.me/results/a9417875-fd84-4f23-8fd2-279b31ab71f3/
SH256 hash:
a57871e8789205b52dc0a20ccc9671a29d11ef58d84597725328844fd9efdc22
MD5 hash:
c73608d557ea9d01523a6b176cf481b4
SHA1 hash:
ca954acef80ec0a61e895efe2ef5487824f01221
Link:
https://www.unpac.me/results/a9417875-fd84-4f23-8fd2-279b31ab71f3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/121f9e2ca94382e2562bf30f1cc946ad1e221246ff5b7271dce48d693ec128e8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

MassLogger

Executable exe 121f9e2ca94382e2562bf30f1cc946ad1e221246ff5b7271dce48d693ec128e8

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/108069/
  
URLhaus
https://urlhaus.abuse.ch/url/919161/
  
Delivery method
Distributed via web download

Comments