MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29f20793c95925c35611390902e709a7e12562afe8b3c7298c911e5dd9871526. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 29f20793c95925c35611390902e709a7e12562afe8b3c7298c911e5dd9871526
SHA3-384 hash: 8882be8842db59a3b78ddd13dd5c0beaca59d5047c2186805a63145b9c46d67842eeced94da1d867b279cf51c40828b1
SHA1 hash: 9b0d89055954178cc1236bdffb97cf38396013d7
MD5 hash: 923c81b745c3745cc21925c57b3ffcca
humanhash: echo-eighteen-romeo-diet
File name:221720FTTI0173 USD10007.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:959'488 bytes
First seen:2020-06-02 11:59:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 24576:dUADygnEVknPZ+vBv5i5kRVqMFE3aM9/hLweS0UfVFJ:dUAmUdi+YgMi3p9/hHS0UfV
Threatray 414 similar samples on MalwareBazaar
TLSH CF15E09C766072DFC8ABD472DEE85D64EA64747B870F5113946306ADEA4C88BCF240F2
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: slavesmtp.scs-net.org
Sending IP: 213.178.226.249
From: Ailanco <ailanco@scs-net.org>
Subject: RE: Request for sample BTN , style - MGTD05749A CURV & MGTD05751A CURV
Attachment: 221720FTTI0173 USD10007.rar (contains "221720FTTI0173 USD10007.exe")

MassLogger SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 12:36:59 UTC
File Type:
PE (.Net Exe)
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fhzape6jles4gvqrheeqfzyju7qskyvp5cz4okmmsepf3wmhcuta._file
Verdict:
malicious
Similar samples:
47799b4853ffa2cb541f153f0b50fc335324a5964e04093a8316d4a62eacc8f1
MassLogger
49ced6e317fa96af1310ad10e5b71fea0d84e03b42ff0434f11d312ebb62dbcf
MassLogger
8a3dd3eb355760a77c7bd89e2316c7741e37f9b20435a23d144e58ba856bd7c7
MassLogger
8bc95f1ba65bf54858a20c62bf09e9e39027f8be74369c25401b5e4503b1b553
MassLogger
a2a4fc12990dcf4a9778f96840b49be84f9563edd2b5209b6dac1ffb2ed8e38d
MassLogger
a760f527a357c0102eb9d9ecc6ca76f245d34237b230ce9a38e83ae806ab13cb
MassLogger
c16e569fe7d77436566b268fab7037ab71efb99a5108aa452602479267508305
MassLogger
cac67b5ab04de81f69b8f4f882ad22e26672a61ed96d2e1f69d72f59c36bf401
MassLogger
dc6eb4d716d3a1c045090d38abe87f80e14ab2bbb997268a2190332fb7563dcb
MassLogger
f937bbe27c6d52452a121bc9aa320c26ae7eada7cadc9dda0fafc2c6b1bd5818
MassLogger
+ 404 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger coreentity ransomware rezer0 spyware stealer
Link:
https://tria.ge/reports/201109-cslw4rqb1s/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Reads user/profile data of web browsers
rezer0
CoreEntity .NET Packer
MassLogger
MassLogger Main Payload
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:masslogger_gcch
Create hunting rule
Author:govcert_ch

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 8b934d88f39c9d05d2c3f6381cba577dbc1c9ae853521a6e9892536699a75a6f

MassLogger

Executable exe 29f20793c95925c35611390902e709a7e12562afe8b3c7298c911e5dd9871526

(this sample)

  
Dropped by
MD5 c7c7fdcc327d949ba84261a1030c22e3
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8b934d88f39c9d05d2c3f6381cba577dbc1c9ae853521a6e9892536699a75a6f

Comments