MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45eac93db3a0554afa555fdfced45c8bd9d5c973d05f3e4b40219be984dd0d28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	45eac93db3a0554afa555fdfced45c8bd9d5c973d05f3e4b40219be984dd0d28
SHA3-384 hash:	3b755fa1cc64081d015ca467591d5bde6144a2867ed244268245615be99f845d3a7a2b3dc762b129fc435b2a12a4c43b
SHA1 hash:	054501a64efc3a07553554d7c7b1ef32dce63187
MD5 hash:	0d3850849b1e8450c5493d93e4ff0151
humanhash:	grey-twelve-four-kansas
File name:	Details.exe
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	785'920 bytes
First seen:	2020-08-18 19:45:38 UTC
Last seen:	2020-08-18 20:48:16 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'654 x AgentTesla, 19'464 x Formbook, 12'205 x SnakeKeylogger)
ssdeep	12288:mI28SdaPL6cw8gkFZDnT7paG7xkjDrMNu7isTRlK51O2RPBEFfWGCIUuKPy874hj:F21dUe8gSt/lkjXMaBlla1OS27MF
Threatray	673 similar samples on MalwareBazaar
TLSH	05F4125CB664B29FCCBF8E3A95182C74576062775607F2428C4369E7DF18BD2CF009AA
Reporter	abuse_ch
Tags:	exe MassLogger

abuse_ch

Malspam distributing unidentified malware:

HELO: spglobal.com
Sending IP: 194.186.0.234
From: 夏荣慧 <marketingops@spglobal.com>
Reply-To: acounts.cargonave.br@outlook.com
Subject: MV TBN EPDA REQUEST TO DISCHARGE 10,000MT & 25,000MT OF HRC
Attachment: Details.zip (contains "Details.exe")

Intelligence

File Origin

# of uploads :

2

# of downloads :

78

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/48089/

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.405.22346.15393.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Creating a file in the %AppData% directory

Creating a file in the %temp% directory

Launching a process

Creating a process with a hidden window

Deleting a recently created file

Unauthorized injection to a recently created process

Creating a file

Using the Windows Management Instrumentation requests

Running batch commands

Enabling autorun by creating a file

Deleting of the original file

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/45eac93db3a0554afa555fdfced45c8bd9d5c973d05f3e4b40219be984dd0d28/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-08-18 19:47:07 UTC

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ixvmspntubkuv6svl7p45vc4rpm5lslt2bpt4s2aegn6tbg5buua._file

Verdict:

unknown

Similar samples:

1bfdb7e4f0aadba330b6017c2608570e791bfddff789d128ecb5ca9a5a06e6fe

263573ece93d13d69ed99ea6be5715ca5b15e1877ed09a274ca9cf55f4d16a22

673aa6ede02270b33f4a7058ec4e31eabd688ca4c75037ed4a7f92470a42a271

7cc4e45a2448e81c638cf0a84c269d7d926135647f95d318279429587d462e9a

8ae81522b85b942557d654bd85f719d2a8b539106e787c451f0d2856effc6ca4

ab79b2c6cca235d1b6a2bfdc550a15497c03d193d622feaa2e48c3006ef7c0b8

af27bd7180ad756460e32f2ae56db7cbdc8a79e73a36b261a96f803e5b051fd5

b502f774e9192f77aa713347f2747b67df5a473be721226bf0b2d98bdff8a835

c9522b2123a5c1d678125fecafc722f82d46c099f6c1cbcca6b95c2911130927

f749fcdcc06750ec8e3839b52ddd13e9a2023673da83aefe1c13439e1351fab5

+ 663 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

ransomware spyware stealer family:masslogger

Link:

https://tria.ge/reports/200818-rylgdcdnze/

Behaviour

Creates scheduled task(s)

Delays execution with timeout.exe

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

MassLogger

MassLogger log file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/45eac93db3a0554afa555fdfced45c8bd9d5c973d05f3e4b40219be984dd0d28

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 17cb37e76842b8311207e62e500abe973511da95af6f9cad253fac11b7503e82

exe 45eac93db3a0554afa555fdfced45c8bd9d5c973d05f3e4b40219be984dd0d28

(this sample)

Dropped by

MD5 18e9b54afbf7782c9dcc9532634b3cbf

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/48089/

Dropped by

SHA256 17cb37e76842b8311207e62e500abe973511da95af6f9cad253fac11b7503e82

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample