MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 284e6c1be1082009ad41635b412d4a68fda91db0db225edacfcb2d80056e039c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 6



SHA256 hash: 284e6c1be1082009ad41635b412d4a68fda91db0db225edacfcb2d80056e039c
SHA3-384 hash: 26c50e4309ebed31bbc6b9051359eeb99dc504e3a3f7377497cd95836f0e543d3f1c724f15ecfcef1d7ca523de15ebda
SHA1 hash: 870173a6bb8c28d4d939863f732f30d3180d0344
MD5 hash: d902eaa925495109b9beaf4126a7fec0
humanhash: speaker-nevada-mars-high
File name: d902eaa925495109b9beaf4126a7fec0.dll
Signature: MassLogger
File size: 848'384 bytes
First seen: 2020-12-07 19:28:07 UTC
Last seen: 2020-12-07 21:39:08 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep: 24576:pW0Xj9qijgYoZceB0MZu1fuKuQF4OMgZUYK29mW:p3ZDoZcO0MZu1fuKWJg2Y
Threatray: 875 similar samples on MalwareBazaar
TLSH: 1705C02E292A896DCA985C75F0FFDD395DEE48F7AA62D06474400ECB0E49ED01F8D349
Reporter: abuse_ch
Tags: dll MassLogger

Intelligence


File Origin
# of uploads: 2
# of downloads: 117
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 21 / 100
Signature
Binary contains a suspicious time stamp
Threat name: Win32.PUA.Presenoker
Status: Malicious
First seen: 2020-11-17 21:11:44 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 1/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 284e6c1be1082009ad41635b412d4a68fda91db0db225edacfcb2d80056e039c
MD5 hash: d902eaa925495109b9beaf4126a7fec0
SHA1 hash: 870173a6bb8c28d4d939863f732f30d3180d0344
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

MassLogger

DLL dll 284e6c1be1082009ad41635b412d4a68fda91db0db225edacfcb2d80056e039c (this sample)

Delivery method: Distributed via web download

Comments