MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32c68f91ed1fb9707c884eab8b0a0dc11a5a83a3bee9e35616b9c3cba0ef8489. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 32c68f91ed1fb9707c884eab8b0a0dc11a5a83a3bee9e35616b9c3cba0ef8489
SHA3-384 hash: dd99f27457b9adc30bacf25a722abd82e7c6aa4f63026ca7dcd818e7323dc39930ac9d07745a369a1e03b3aaf4de8fe9
SHA1 hash: f11ee488de145e3e6f29b6f2a54af4b685784034
MD5 hash: 80793622b552dea4d6022238a10b20dd
humanhash: speaker-helium-mango-uncle
File name: 80793622b552dea4d6022238a10b20dd.dll
Signature: MassLogger
File size: 638'976 bytes
First seen: 2020-12-18 07:36:26 UTC
Last seen: 2020-12-18 09:58:59 UTC
File type: DLL dll
MIME type: application/x-dosexec
ssdeep: 12288:sSW0XjXDxqcVjgpYpSxncehdh0F2QA/RuWDgf9c9ArTl3+QF4/WkPj:pW0Xj9qijgYoZceB0MZu1fuKuQF4OMj
Threatray: 878 similar samples on MalwareBazaar
TLSH: E3D4BF6E395A896DC99858B5F0FF9D395DEE48F7AA32D06474440ECB0E09ED01F8E348
Reporter: abuse_ch
Tags: dll MassLogger

Intelligence


File Origin
# of uploads: 2
# of downloads: 111
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Binary contains a suspicious time stamp
Multi AV Scanner detection for submitted file
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 32c68f91ed1fb9707c884eab8b0a0dc11a5a83a3bee9e35616b9c3cba0ef8489
MD5 hash: 80793622b552dea4d6022238a10b20dd
SHA1 hash: f11ee488de145e3e6f29b6f2a54af4b685784034
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

MassLogger

DLL dll 32c68f91ed1fb9707c884eab8b0a0dc11a5a83a3bee9e35616b9c3cba0ef8489 (this sample)

Delivery method: Distributed via web download
