MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a58855a902398680563edf448779739201772e044102fe1c733f54fa9c936c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a58855a902398680563edf448779739201772e044102fe1c733f54fa9c936c1
SHA3-384 hash: 845f781264a94b4497494e8c04ed86da7214802ac42c8cb62b77c1dbff671c755041208031aec1520aacb9d635129520
SHA1 hash: 0d89d56bac5838a3f0854e43b42e564d290f4935
MD5 hash: 36117a183609bb6953d3f78bb45ee5b9
humanhash: zebra-video-enemy-tango
File name:Clasquin France SA - Demande client 001071 - SKBMT-07-31-2020-105-img00215.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:19'968 bytes
First seen:2020-07-31 10:55:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 384:J2wggKj3J29YT960sUR0wnEinGPL5LL3qvTg3LzLdK2sGAt:J2jjJ29YwUR0wnEiGDJaono2sGAt
Threatray 27 similar samples on MalwareBazaar
TLSH 73927C1403A8CA67D1B4CDB37BD395520639EA0A9EB3C7FD5EC41087DA923464B13BE9
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: effectivecloud.mynewserver.com
Sending IP: 46.226.193.113
From: Sébastien Laprade <leh@clasquin.com>
Subject: Clasquin France SA - Demande client: 001071
Attachment: Demande client 001071.r00 (contains "Clasquin France SA - Demande client 001071 - SKBMT-07-31-2020-105-img00215.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/36445/
Detection(s):
SecuriteInfo.com.FileRepMalware.19264.UNOFFICIAL
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/405925
Signature
Bypasses PowerShell execution policy
Creates processes via WMI
Detected unpacking (overwrites its own PE header)
Obfuscated command line found
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3a58855a902398680563edf448779739201772e044102fe1c733f54fa9c936c1/
Threat name:
ByteCode-MSIL.Exploit.CVE-2017-11882
Create hunting rule
Status:
Malicious
First seen:
2020-07-31 10:57:04 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hjmikwuqeomgqbld5x2eq54xheqbo4xaiqic7yohgp2u7kojg3aq._file
Verdict:
malicious
Similar samples:
00eefa6efa1815770b9bcd826b985d67668194c98329e0c339060b9d22e6483d
MassLogger
08c31318d635778eaaf19c55440ed58570e764db28339f3061d927d9f3643ce3
MassLogger
6e57b3151e696198fa799ccdc91d05ecee2462f5adc2ec5cd591b745165106e8
MassLogger
785fb441663997067c0126c5574423d01242220e107db86c847ad8ea30752729
MassLogger
7cf72bae10afa79e537315303bc0ffd4ab5159102347818158796b4a05692403
MassLogger
b59427205b88d9cd8b38bf4c99f902d569085b708a9eb3c6c8b6d8a8ea7a361d
MassLogger
c80ce609bceb3fb3d9c3432d8d42503644299c1ccf9a1b9d6f82f116948fed8a
MassLogger
e2fd6aebc7a60437230991c513652d4ead9b99cdd5eff335dd698dc11008aed1
MassLogger
eda6bc27798b7230d63cae9225c466b67b05e788b315e4dc443c43cf1baabfca
MassLogger
eea7d4aca711aac314c2084ec894f1a02077e3c15e1d2dde7ec6fb3b902f0842
MassLogger
+ 17 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
ransomware spyware stealer family:masslogger
Link:
https://tria.ge/reports/200731-jx3vkrtx8j/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Drops file in System32 directory
Looks up external IP address via web service
Reads user/profile data of web browsers
Blacklisted process makes network request
Process spawned unexpected child process
MassLogger log file
MassLogger
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.60
Link:
https://yomi.yoroi.company/submissions/3a58855a902398680563edf448779739201772e044102fe1c733f54fa9c936c1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r00 3a1730f460d22be352b85060902374e59c3d8d392ce7983008e6ab3d02143f0f

MassLogger

Executable exe 3a58855a902398680563edf448779739201772e044102fe1c733f54fa9c936c1

(this sample)

  
Dropped by
MD5 70f9db6e11b88475cb440823ce06c32c
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/36445/
  
Dropped by
SHA256 3a1730f460d22be352b85060902374e59c3d8d392ce7983008e6ab3d02143f0f

Comments