MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 3909d98e17a32e0f29fbe151a84907b5319b2f8317ba04a8c55ad9668db37e3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
MassLogger
Vendor detections: 6
| SHA256 hash: | 3909d98e17a32e0f29fbe151a84907b5319b2f8317ba04a8c55ad9668db37e3b |
|---|---|
| SHA3-384 hash: | 0b03f981cffa3275e5b73e1bdc6218aab564ca3ab83149b4b1407e7d88d5572426629b8b871b90d7e1affc60b3b2d35b |
| SHA1 hash: | 02fe589f59943e848bffb0ddd6a3aacd507a8cc2 |
| MD5 hash: | 5aa8483a8c628f34d66a2f29a205ba93 |
| humanhash: | west-delaware-april-hawaii |
| File name: | PO#7543.exe |
| Signature: | MassLogger |
| File size: | 1'094'144 bytes |
| First seen: | 2020-10-22 07:49:26 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger) |
| ssdeep: | 24576:OWaFDaxVJSFrq7nXp9+AtQdbak01iw4qOLOKc0eoZTB+:rc4Xp9tuba5OLnjJZd+ |
| TLSH: | 2635CF9D322072EFC85BD472DEA81D64EB6164BB531F5203A06716ADEE4D897CF240F2 |
| Reporter: | abuse_ch |
| Tags: | exe MassLogger |

Reporter comment:

Malspam distributing MassLogger:
HELO: api.bancamm.com
Sending IP: 167.71.168.105
From: Anna P <info@bancamm.com>
Subject: Update on invoice#980
Attachment: PO7543.zip (contains "PO#7543.exe")
Intelligence

File Origin

| # of uploads: | 1 |
|---|---|
| # of downloads: | 85 |
| Origin country: | n/a |
Vendor Threat Intelligence

| Detection: | n/a |
|---|---|

Result

| Verdict: | Malware |
|---|---|
| Maliciousness: | |
Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Using the Windows Management Instrumentation requests
Launching a process
Deleting of the original file
| Threat name: | ByteCode-MSIL.Trojan.Ymacco |
|---|---|
| Status: | Malicious |
| First seen: | 2020-10-22 03:58:35 UTC |
| AV detection: | 27 of 29 (93.10%) |
| Threat level: | 5/5 |

| Detection(s): | Malicious file |
|---|---|
| Verdict: | unknown |

Result

| Malware family: | masslogger |
|---|---|
| Score: | 10/10 |
| Tags: | spyware stealer family:masslogger |
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Deletes itself
Reads user/profile data of web browsers
MassLogger
MassLogger Main Payload
Unpacked files

| SHA256 hash | MD5 hash | SHA1 hash | Detections |
|---|---|---|---|
| 3909d98e17a32e0f29fbe151a84907b5319b2f8317ba04a8c55ad9668db37e3b | 5aa8483a8c628f34d66a2f29a205ba93 | 02fe589f59943e848bffb0ddd6a3aacd507a8cc2 | |
| bac5797bde4b2810766a40d95bcdb825ac5b395fcbadd139daa19a44a6cdc049 | a92cc1f6e0a2742350dfda6726db14c0 | e5404e3ed46498deb8ad8966a774540c2b8e9c1e | |
| 8c031397e063406a2b6a6ed0d6de292bb36750fd6fe32123f011940c8b583b27 | be49223d4acfed6277d12f4a419eceb2 | 0ebac4503ea7cf7c79511e857e848695d3700e7c | win_masslogger_w0 |
| 86ff6ea70206646e337fe20ac9f25583dfd49fe2f4e686d7939094650d21aff7 | cac4eca4de94a8bedec80bd690b942d1 | 417c3e09ff01c32a75e8e2326e5b4d23c22a5c2b | |
| 68c5c827469c7ad667b6476d21e5f64501d24fb578aa90c7ee4eeab7db385c7c | bd2deff7c92eb146d2f5d350b38ec5de | 8784d9cd0ec55d1765b0dcb8a3dd858d962c984c | |
Please note that we are no longer able to provide a coverage score for VirusTotal.
File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam

| Delivery method: | Distributed via e-mail attachment |
|---|---|