MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4903fbe3e8ee4bc49035c9fb6e8fd3d258f3daadf237d6b1f8dd3fe41cb4ced9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4903fbe3e8ee4bc49035c9fb6e8fd3d258f3daadf237d6b1f8dd3fe41cb4ced9
SHA3-384 hash: b9da50974e1dd50e3ad4b100fc64d77a1ed2374d5c63090b0204cf6463102adfda5be803bada8405592d5486e982579a
SHA1 hash: 20b6a557c495e76bd4c97d3c84e2efeba160ec1d
MD5 hash: b11c3ec5c3429224d8ddfcaecbd107b0
humanhash: tennessee-lemon-low-failed
File name:RFQ-CS-2026-1340-PR-1009380228-MQ.msi
Download: download sample
Signature MassLogger
Create hunting rule
File size:69'632 bytes
First seen:2026-05-30 07:05:02 UTC
Last seen:2026-06-02 06:47:41 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 768:wuOkcPMvEvdZYdVj6LaEH0S1tu2lh+OpfkL56fSQMaN3YW6qCGZMYxC:FcPMv2EdSXlgq46fVxCcb
TLSH T1BA63AF46F750E232C2820772851FDBE68F65AC4C4FB385137226B34C1F726D496ABAE4
TrID 88.4% (.MST) Windows SDK Setup Transform script (61000/1/5)
11.5% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter jahlives
Tags:exe-in-archive MassLogger msi spamtrap

Intelligence

File Origin
# of uploads :
5
# of downloads :
68
Origin country :
DE DE
Vendor Threat Intelligence
Malware configuration found for:
MSI Nova
Details
MSI
an embedded setup program or component
Nova
SMTP, FTP, or Telegram configuration
Link:
https://research.acce.ciphertechsolutions.com/results/7d8af77e-be49-4805-bc7c-3bf4c1475358/
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/68520/
Detection(s):
SecuriteInfo.com.BackDoor.RatNET.2.26264.6239.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a1a34155a2e3b5e58e40422
Tags:
backdoor virus blic
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 installer reconnaissance stealer wix
Link:
https://www.filescan.io/uploads/6a1a8c3f099ef368af0e68f3/reports/ec9035ef-c7d5-46d7-8594-ec961c37b4b2/overview
Verdict:
Malicious
Labled as:
Malware.Generic
Link:
https://www.hybrid-analysis.com/sample/4903fbe3e8ee4bc49035c9fb6e8fd3d258f3daadf237d6b1f8dd3fe41cb4ced9
Verdict:
Malicious
File Type:
msi
First seen:
2026-05-29T20:21:00Z UTC
Last seen:
2026-06-01T02:59:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.Win32.Generic HEUR:Trojan-PSW.MSIL.Stealer.gen HEUR:Trojan-PSW.MSIL.Agent.gen HEUR:Trojan-Spy.MSIL.Agent.sb Trojan-Spy.MSIL.BPLogger.sb Trojan-PSW.Win32.Stelega.sb Trojan-PSW.Win32.Stealer.sb
Link:
https://opentip.kaspersky.com/4903fbe3e8ee4bc49035c9fb6e8fd3d258f3daadf237d6b1f8dd3fe41cb4ced9/results?tab=lookup
Score:
98%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/4903fbe3e8ee4bc49035c9fb6e8fd3d258f3daadf237d6b1f8dd3fe41cb4ced9
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4903fbe3e8ee4bc49035c9fb6e8fd3d258f3daadf237d6b1f8dd3fe41cb4ced9/
Threat name:
ByteCode-MSIL.Spyware.Snakelogger
Create hunting rule
Status:
Malicious
First seen:
2026-05-30 00:49:27 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
21 of 38 (55.26%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jeb7xy7i5zf4jebvzh5w5d6t2jmphwvn6i35nmpy3u76ihfuz3mq._file
Verdict:
malicious
Label(s):
novastealer
Create hunting rule
Similar samples:
error
MassLogger
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger collection discovery persistence privilege_escalation ransomware spyware stealer
Link:
https://tria.ge/reports/260530-hwsyhshx5l/
Behaviour
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
outlook_office_path
outlook_win_path
Event Triggered Execution: Installer Packages
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Accesses Microsoft Outlook profiles
Enumerates connected drives
Looks up external IP address via web service
Executes dropped EXE
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Family: MassLogger
Malware family:
PrivateLogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/4903fbe3e8ee/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4903fbe3e8ee4bc49035c9fb6e8fd3d258f3daadf237d6b1f8dd3fe41cb4ced9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/68520/

Comments