MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 242c20784a19993ce2896684480243fe63d33b065fe9ef74d48b958a91cd4e48. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	242c20784a19993ce2896684480243fe63d33b065fe9ef74d48b958a91cd4e48
SHA3-384 hash:	07d304513f1542d5ffc072654ad81382c5f24bada87f99c3de452d54ec6833b7cc0fcf2a759199e4b5faee6b7e146bb9
SHA1 hash:	cf6749d875e1cc451890d96d26ffbc226778bb9f
MD5 hash:	94196b70530b597f111cd799149d4baf
humanhash:	oranges-low-nuts-bravo
File name:	SCAN_20200805_1524203946573.exe
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	1'275'904 bytes
First seen:	2020-08-05 11:40:44 UTC
Last seen:	2020-08-05 15:25:26 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	6f6a6c4d7e3c496aeb050e49f17c295e (6 x MassLogger, 5 x Loki, 4 x AgentTesla)
ssdeep	24576:h3+RcOn0TC3moKh1tMz8AVt4UbPm7SoH1BOXzZW2hyaId+yIOcCZsUd1:h3+dN+Mz8AVt4UbPm7SoHKZXTTyI3CKI
Threatray	2'162 similar samples on MalwareBazaar
TLSH	5E45D022E2D044F7D07316789C5F97B7AC26BD007928A8462BF55F0C5E396A13D3A2B7
Reporter	abuse_ch
Tags:	exe geo MassLogger TUR

abuse_ch

Malspam distributing unidentified malware:

HELO: teb.com.tr
Sending IP: 156.96.58.85
From: hasan.huseyin.isik@teb.com.tr
Reply-To: 'hasan.huseyin.isik@teb.com.tr' <logzgo99@yahoo.com>
Subject: Faks e mail talimat hakkında
Attachment: SCAN_20200805_1524203946573.r00 (contains "SCAN_20200805_1524203946573.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Ispy

Link:

https://www.capesandbox.com/analysis/39462/

Detection(s):

SecuriteInfo.com.Variant.Strictor.247961.5681.1845.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Unauthorized injection to a recently created process

Using the Windows Management Instrumentation requests

Running batch commands

Creating a file

Launching a process

Deleting of the original file

Result

Threat name:

MassLogger RAT

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/411004

Signature

Contains functionality to detect sleep reduction / modifications

Deletes itself after installation

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Maps a DLL or memory area into another process

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected MassLogger RAT

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/242c20784a19993ce2896684480243fe63d33b065fe9ef74d48b958a91cd4e48/

Threat name:

Win32.Infostealer.Fareit

Status:

Malicious

First seen:

2020-08-05 10:38:03 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=eqwca6ckdgmtzyujm2ceqasd7zr5goygl7u665gurokyveonjzea._file

Verdict:

malicious

Label(s):

hawkeyekeylogger

MassLogger

090f00c2fac982400e72c628633fbc922f445f95a7512b16fd7cc8dd14b66277

MassLogger

1bf6f08f2432324bd7bf5cc0cca3ac23c559547f404c8f62be7a2d209f74aff4

MassLogger

46ab925658c2211a7dd6856b2cc2a8336eb920d6a6602b75b43602fc7b6f9971

MassLogger

66fb40a5ca213c6ea3377dc16e9e4e25ccd412a1b5da20399c7180d714bc10b0

MassLogger

84321d91850ce025e214ab49400d8c1fade931a55483a87582f4f266e3ec196b

MassLogger

921535a6ad60e212e6628f7ae40b356db57c7be4a70c4616d032226fca211523

MassLogger

ab5b1c3d9e87aacfe6b37cc962e80a62a3acef7eddcdca78649eda365c04fa45

MassLogger

f08dc58f88fe30098a5589d459e409efb0d27c47fdefe2e1e602b01e2b177c95

MassLogger

fc32533f8d31e6e59cadd43a08766aa524566ace951cc35c3d891ed0222ed8f5

MassLogger

+ 2'152 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

ransomware upx stealer spyware family:masslogger

Link:

https://tria.ge/reports/200805-e82k51x876/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetThreadContext

Looks up external IP address via web service

Reads user/profile data of web browsers

UPX packed file

MassLogger log file

MassLogger

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/242c20784a19993ce2896684480243fe63d33b065fe9ef74d48b958a91cd4e48

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r00 25153f00d841c6a41619c7c630dde71dcf443205ce1436f1a7aa4ac682de2e5f

MassLogger

exe 242c20784a19993ce2896684480243fe63d33b065fe9ef74d48b958a91cd4e48

(this sample)

Dropped by

MD5 5494034355aba3dce71a87bb3acffc6a

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/39462/

Dropped by

SHA256 25153f00d841c6a41619c7c630dde71dcf443205ce1436f1a7aa4ac682de2e5f

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample