MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22d10edc3d0457dd81ee6cd9353e76b3208f8a549c290b80dea1efbbbe120c0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 22d10edc3d0457dd81ee6cd9353e76b3208f8a549c290b80dea1efbbbe120c0b
SHA3-384 hash: 0e8595ee7063e87858597bf7bd8d5bcde778a26f15d72180ef96b48879f20266d75d331641a242dfc627c72def7ad1af
SHA1 hash: 6d0878ae4973f39cf0e61b6f5ddd662866435ae7
MD5 hash: ada080e31c56a4d65a2e426890504121
humanhash: montana-berlin-freddie-magnesium
File name: EU Business Register.exe
Signature: MassLogger
File size: 2'003'456 bytes
First seen: 2020-06-16 12:59:01 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: afcdf79be1557326c854b6e20cb900a7
ssdeep: 49152:bh+ZkldoPK8Yau+VeVr/ETVuI62hzyxQLQ:E2cPK8nUVuYsmyL
TLSH: EA95E0027395C036FFABA1739B69F20156BD7D290133852F13982DB9BDB01B1267E663
Reporter: @abuse_ch
Tags: exe MassLogger


Twitter: @abuse_ch
Malspam distributing MassLogger:

HELO: ebr-registry.com
Sending IP: 103.226.248.192
From: register@ebr-registry.com
Subject: EU Business Register 2020/2021
Attachment: EU Business Register.CAB (contains "EU Business Register.exe")

MassLogger SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.Tiggre
Status: Malicious
First seen: 2020-06-16 13:00:11 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5

Result
Malware family: masslogger
Score: 10/10
Tags: ransomware spyware stealer family:masslogger

Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
MassLogger
MassLogger log file

Yara Signatures


Rule name: masslogger_gcch
Author: govcert_ch

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  MassLogger
    Executable exe 22d10edc3d0457dd81ee6cd9353e76b3208f8a549c290b80dea1efbbbe120c0b (this sample)

Delivery method: Distributed via e-mail attachment

Comments