MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2afd6527968b76196a9433fa40dc66ba80d408dd61efca8cafe65c41d0f731ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	2afd6527968b76196a9433fa40dc66ba80d408dd61efca8cafe65c41d0f731ff
SHA3-384 hash:	1fe8acb257e2db0cc46657a78787c086b8ef114a50767efd7ab9dcffa46be7f7fc35996d4a6c0fcd50d8ce5183cba278
SHA1 hash:	3132b6a2b4341e2a30bd1ae65d923611357f1c34
MD5 hash:	cf73fb83fea2fd71173cb827613ec807
humanhash:	uniform-lemon-floor-rugby
File name:	Order 01001O02.exe
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	220'160 bytes
First seen:	2020-10-06 13:15:17 UTC
Last seen:	2020-10-06 13:42:28 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	3072:Z1eHhH1WYhQZupH4bTWbXuZWQyI+nclPn7trvTS0sylc1dB5EwzaY:Z1eHhHoYmZ+HeuXuAQypk7tLT2dBTza
Threatray	36 similar samples on MalwareBazaar
TLSH	A724D613F9A6060BDA4727B2F6EA2D71973751C23317E60C3BE613902D833EF5A85466
Reporter	James_inthe_box
Tags:	exe MassLogger

Intelligence

File Origin

# of uploads :

2

# of downloads :

94

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/68584/

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Using the Windows Management Instrumentation requests

Sending a UDP request

Launching a process

Enabling autorun by creating a file

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/482767

Signature

Adds a directory exclusion to Windows Defender

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Creates an undocumented autostart registry key

Initial sample is a PE file and has a suspicious name

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2afd6527968b76196a9433fa40dc66ba80d408dd61efca8cafe65c41d0f731ff/

Threat name:

ByteCode-MSIL.Infostealer.CoinStealer

Status:

Malicious

First seen:

2020-10-06 01:03:43 UTC

File Type:

PE (.Net Exe)

Extracted files:

3

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fl6wkj4wrn3bs2uugp5ebxdgxkanicg5mhx4vdfp4zoeduhxgh7q._file

Verdict:

malicious

Label(s):

masslogger

Similar samples:

03fa4f4d4dae06093153f6e59e62c64006fa7753c3fd07ab6f96b217f500113d

25565e82a4ff19e43439a8188345ec8ad8d3538529dec10764c9ffba163ceb6c

4786c4e0b64e49ed37f8215c2b6c778ec6c7b31a4d044cab66d46c904c6a7cba

4c66ebb40e5abd92b6a6985e8409116c5424ebb9af0c320cbafb031698e5022c

712570e39e1f912cebe3d6522f2df4077ec0958d3ea3b0797e2492c4923db8f5

96a8399aef7760c49b1b2fd59de6f8747f5de3bf85249c5d7e09e7499a5c097f

b3124db4cffc55f2d3ee216ea71ea422ad3d4d7ff025d068a4cc2261fa43e4b3

d438dd09e9249c6ffc54851f110cf512d226d1d2bd4ad10ace66038494a4f295

d9f4e53838a43981dee675993924484cd508c1d6fe40d619694e313e9d1e6569

fc87713edf4f4aa23cf04040a4f47604550b4ca2da324c0c3daf4fdcac6fa17f

+ 26 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201006-jlzgy7bqrn/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

2afd6527968b76196a9433fa40dc66ba80d408dd61efca8cafe65c41d0f731ff

MD5 hash:

cf73fb83fea2fd71173cb827613ec807

SHA1 hash:

3132b6a2b4341e2a30bd1ae65d923611357f1c34

Link:

https://www.unpac.me/results/e66e8a0a-2fd6-4089-bbd6-f08a9cb12d89/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.77

Link:

https://yomi.yoroi.company/submissions/2afd6527968b76196a9433fa40dc66ba80d408dd61efca8cafe65c41d0f731ff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/68584/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample