MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43c22ad8da4c7b3702e70d5c97e7ceed85a50dbd7926fccc5eda0bd775fcec51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 43c22ad8da4c7b3702e70d5c97e7ceed85a50dbd7926fccc5eda0bd775fcec51
SHA3-384 hash: c860d59d632abc1a5c6bec076179035b95479f917a96285e07c9e2f56f2bb509ea2ac90bfad0b63b7099faaa81878eb5
SHA1 hash: 0cb670cbaf18ddcc3b53810d133c312ac734e51f
MD5 hash: 7d79b1f7dbf678558734e2e3941edab3
humanhash: oven-uniform-zulu-juliet
File name: Shipment Docs_Eval-MV-#00019839991900.exe
Signature: MassLogger
File size: 2'005'504 bytes
First seen: 2020-06-17 18:19:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3d95adbf13bbe79dc24dccb401c12091
ssdeep: 49152:6Vg5tQ7aN5xsrL2CwS8IEKAjhAZlTqKVDqd0P5:kg565LA1kAlAbqKN
TLSH: 8695F11333EEC365C3726273BA25B701AEBFB82506A1F55B2FD4097DB920121525EA73
Reporter: @abuse_ch
Tags: exe


Twitter (@abuse_ch):
Malspam distributing unidentified malware:

HELO: curbvmf.curbell.com
Sending IP: 66.153.41.190
From: Gowsalya.P <docs@tidelcargo.com>
Subject: Fwd: SHIPMENT DOCUMENTS / RECEIVING CAN & ORIGINAL DOCS & CORRECTIONS IN HBL SPLIT
Attachment: Shipment Docs_Eval-MV-00019839991900.r09 (contains "Shipment Docs_Eval-MV-#00019839991900.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: FR
Mail intelligence
Geo location: Global
Volume: Low
Vendor Threat Intelligence
Result
Malware family: masslogger
Score: 10/10
Tags: ransomware spyware stealer family:masslogger
Behaviour
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
Deletes itself
Drops startup file
MassLogger
MassLogger log file

Yara Signatures


Rule name: masslogger_gcch
Author: govcert_ch

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
MassLogger
Executable exe 43c22ad8da4c7b3702e70d5c97e7ceed85a50dbd7926fccc5eda0bd775fcec51 (this sample)

Delivery method: Distributed via e-mail attachment
