MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2cd722bc4e448f38f4e79e69a48a7fc3f92c09586e50bc0f3f9f8dc5f4495fcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger
Vendor detections: 8

SHA256 hash: 2cd722bc4e448f38f4e79e69a48a7fc3f92c09586e50bc0f3f9f8dc5f4495fcc
SHA3-384 hash: a997184b8ef38b73dbc05392541a701de05ea895e1a4266001a05ea916065ee2f131cee159b27e919700075e283630f5
SHA1 hash: 5bd2413bcf65710cff4291c55c852005064f9ce5
MD5 hash: a585ad86305df1b471b389b94ec98362
humanhash: table-lamp-arkansas-single
File name: a585ad86305df1b471b389b94ec98362.exe
Signature: MassLogger
File size: 1'626'624 bytes
First seen: 2021-02-27 06:46:30 UTC
Last seen: 2021-02-27 09:04:08 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 24576:yCApY7J5ywI1AtC4Hic4Rh9xR3tVXanTqqoD4s8hYAS1Ve:y/45ywbIJFPRATboDWnSH
Threatray: 58 similar samples on MalwareBazaar
TLSH: 2B75E08E7625DE52D3E42631CA87C16C03A1FDAAB263BB5B6F6C712578126334D043DB
Reporter: abuse_ch
Tags: exe MassLogger

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 114
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: a585ad86305df1b471b389b94ec98362.exe
Verdict: Malicious activity
Analysis date: 2021-02-27 06:47:25 UTC
Tags: trojan rat redline stealer

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour:
DNS request
Sending a custom TCP request
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Connection attempt

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: spyw.evad
Score: 80 / 100
Signatures:
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Found many strings related to Crypto-Wallets (likely being stolen)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-27 00:02:53 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: agilenet discovery spyware
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Obfuscated with Agile.Net obfuscator
Reads user/profile data of web browsers
Unpacked files
SHA256 hash: 2cd722bc4e448f38f4e79e69a48a7fc3f92c09586e50bc0f3f9f8dc5f4495fcc
MD5 hash: a585ad86305df1b471b389b94ec98362
SHA1 hash: 5bd2413bcf65710cff4291c55c852005064f9ce5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: MassLogger
File type: Executable exe
SHA256 hash: 2cd722bc4e448f38f4e79e69a48a7fc3f92c09586e50bc0f3f9f8dc5f4495fcc (this sample)

Delivery method: Distributed via web download

Comments