MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bf67b967c8397bfab22e326bce6efa64c647206102d4753569ba1abb538d685. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	1bf67b967c8397bfab22e326bce6efa64c647206102d4753569ba1abb538d685
SHA3-384 hash:	df9ec73df4a6a482d1cdff20a6e1e6ad411145c204eaca1f4dbb57d2ecd22c39aaf81dfdf9125ca7adeed08ddc99bb4d
SHA1 hash:	d0c7e6ba73d25a3ea4688bf37c0e3a75a8374902
MD5 hash:	94fb783c105c5a8daacd6947185e9440
humanhash:	sweet-hotel-lake-bluebird
File name:	SecuriteInfo.com.Trojan.Inject3.53454.23738.20151
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	1'029'120 bytes
First seen:	2020-08-29 07:36:10 UTC
Last seen:	2020-08-31 12:35:20 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'614 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	24576:4I0Br64j6gBgerRNQyHW2YDX3TI7/zv8Ez9LAo0sytw:4Ii6WdniTI7LjxAsJ
Threatray	546 similar samples on MalwareBazaar
TLSH	112523323ACCC728F9F52B3C087C751053E46A928918F46E9C5B94D06557FADD2EEA32
Reporter	SecuriteInfoCom
Tags:	MassLogger

Intelligence

File Origin

# of uploads :

3

# of downloads :

82

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/52782/

Detection(s):

SecuriteInfo.com.Trojan.Inject3.53454.23738.20151.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Unauthorized injection to a recently created process

Creating a file

Result

Threat name:

MassLogger RAT

Detection:

malicious

Classification:

troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/454120

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Deletes itself after installation

Injects a PE file into a foreign processes

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Costura Assembly Loader

Yara detected MassLogger RAT

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1bf67b967c8397bfab22e326bce6efa64c647206102d4753569ba1abb538d685/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-08-29 04:26:45 UTC

File Type:

PE (.Net Exe)

Extracted files:

4

AV detection:

25 of 29 (86.21%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dp3hxft4qol37kzc4mtlzzxpuzggi4qgcawuou2wtoq2xnjy22cq._file

Verdict:

unknown

Similar samples:

00c3032bacb17b0624f5f550e22169259a9f4c1212845cb202be466fae55aaf7

044c48fe42178958d8f55e5404e056ff0f1071d865deda9cc42518ab2c87fda7

21cea3a243809c8cc06412ffd647e4896b35a246cf8c365484e0419477d94b37

2302005fdd7c57d73c350d541fd0020b051efffdf02a4f3c3e1671cacea30043

5c6a46b8db4713a9679ae9b069515a45d73088d55555111f5f1114af921eabdc

a89a031dfd0e3e2a92183bf3741f42668132dd8a4dc852bfe142159e0963d03f

a990373e6225384bd1bab3441dc0cb881f1e03f51f83f7923ca6c9ff228bee5c

ac3d6770654e9274a348c63c14b7b057ab38ff81a2377aec01a987ddb9e6ed82

bcd7372fd84fe78e97a72a842df6cab2a5d7a47909a3fd05b13f6f4990de8a7f

ebcea3b90af00f67983ebb15abec7e46a480818904a74764aab402da08d7b16b

+ 536 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

ransomware stealer spyware family:masslogger

Link:

https://tria.ge/reports/200829-wq2z5vaz92/

Behaviour

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Reads user/profile data of web browsers

MassLogger

MassLogger log file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

AgentTesla

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1bf67b967c8397bfab22e326bce6efa64c647206102d4753569ba1abb538d685

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 1bf67b967c8397bfab22e326bce6efa64c647206102d4753569ba1abb538d685

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/52782/

URLhaus

https://urlhaus.abuse.ch/url/446450/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample