MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d0af7312beff6b913ae04b6c6b3f9aac323308a1933952d1c8bd732fdf290ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	3d0af7312beff6b913ae04b6c6b3f9aac323308a1933952d1c8bd732fdf290ce
SHA3-384 hash:	ef08e505fb6c54948f47efe8753940bfa0dcb51741b628bf913c16b2be6c09bdda204c07ebce27c7b488191c49215f3a
SHA1 hash:	c2dc509acef33461268ba76bafbdb11e81e3d759
MD5 hash:	81297e7d0a24d0566bf47c8bebd0a3e2
humanhash:	lion-cold-six-cat
File name:	LP40728194004.exe
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	1'318'912 bytes
First seen:	2020-08-07 13:23:22 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d2c5bb9650248d566011b3a45aa89b6f (2 x HawkEye, 2 x AgentTesla, 1 x MassLogger)
ssdeep	24576:myrAsCU/TdrqBRzSwEJsYJkqwMUa4UJYnrXWZZSdOkICTv:my6e5xz4JXYZSdOSTv
Threatray	1'242 similar samples on MalwareBazaar
TLSH	8C55BF32B591443ED13226389F7B9EE55C267E132D28B50A2BE41C0F7F3968D35252AF
Reporter	abuse_ch
Tags:	exe MassLogger

abuse_ch

Malspam distributing unidentified malware:

HELO: nslsugars.com
Sending IP: 185.222.57.136
From: enquiryjaymahesh@nslsugars.com
Subject: URGENT ENQUIRY
Attachment: LP40728194004.cab (contains "LP40728194004.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Ispy

Link:

https://www.capesandbox.com/analysis/41639/

Detection(s):

SecuriteInfo.com.Variant.Zusy.310751.14054.21286.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending a UDP request

Using the Windows Management Instrumentation requests

Running batch commands

Creating a file

Launching a process

Deleting of the original file

Result

Threat name:

MassLogger RAT

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/415296

Signature

Contains functionality to detect sleep reduction / modifications

Deletes itself after installation

Detected unpacking (changes PE section rights)

Detected unpacking (creates a PE file in dynamic memory)

Detected unpacking (overwrites its own PE header)

Maps a DLL or memory area into another process

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AntiVM_3

Yara detected Costura Assembly Loader

Yara detected MassLogger RAT

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3d0af7312beff6b913ae04b6c6b3f9aac323308a1933952d1c8bd732fdf290ce/

Threat name:

Win32.Backdoor.Androm

Status:

Malicious

First seen:

2020-08-07 13:25:07 UTC

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hufpomjl573lse5oas3mnm7zvlbsgmekdezzkli4rpltf7pssdha._file

Verdict:

malicious

Label(s):

hawkeyekeylogger

MassLogger

3fd662d7caf82ecc8b61b4fa261bc51510851aa36099a85f66c2689c507e11d7

MassLogger

4afbf197b53084d8d3d79ffe791e17b5d4dcddec2b77a531cf33ffd54f3f64d0

MassLogger

4c8728146976e30a09321d1e158aeeb46908c54fa8614ccef7fbc9761956eca4

MassLogger

5bcbbf82aa7c1bde8cddd6a6d50b4b082555ddb0dd23dd468ef238850238ed2a

MassLogger

6cf454ec0892e0367356ae674e93612f1c23d9c99874d8ff7de7d77055cbf9c6

MassLogger

a551bc2327862c1430dac51dce368001622525fae235ca689f7b055e0d3125c7

MassLogger

b8789e245fdcc8f15b3e86a516660004980a8febea95077b7606e5bfc4a7bd31

MassLogger

c7202ac90daa5d696736a32eff2c930eba08332c9416ff6a464ce3ea17f414f9

MassLogger

f38bf49d1b80576d1df0cea02b590d52b16dfd03acfa6f9776fb010bd88ec38d

MassLogger

+ 1'232 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

ransomware upx spyware stealer family:masslogger

Link:

https://tria.ge/reports/200807-12yhjtbasj/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetThreadContext

Looks up external IP address via web service

Reads user/profile data of web browsers

UPX packed file

MassLogger log file

MassLogger

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3d0af7312beff6b913ae04b6c6b3f9aac323308a1933952d1c8bd732fdf290ce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

cab 8566013b21448ffd04a6e33fd182abdc67c7390417138e6fafd4d1a991a9f690

MassLogger

exe 3d0af7312beff6b913ae04b6c6b3f9aac323308a1933952d1c8bd732fdf290ce

(this sample)

Dropped by

MD5 fd3146643665d569b4781ea76d7ea80b

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/41639/

Dropped by

SHA256 8566013b21448ffd04a6e33fd182abdc67c7390417138e6fafd4d1a991a9f690

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample