MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 490a1129bc3a754001293f653954bd2a76f2dd5b847fd57a38fe553bcb9f56eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 490a1129bc3a754001293f653954bd2a76f2dd5b847fd57a38fe553bcb9f56eb
SHA3-384 hash: f0750e0644000f6040b3dda5f7b8abfbdee2bcfc03e2bc1692076deb32bb25f90fe3f6144aad7bf0c2981cbdd51a0137
SHA1 hash: 38f8cd203042dbc6104064e2f62a285f52005905
MD5 hash: 33133b3949ddef935dadcf44a1f6c99a
humanhash: six-mexico-green-failed
File name:DB54NXQP1.gz
Download: download sample
Signature MassLogger
Create hunting rule
File size:759'223 bytes
First seen:2026-05-05 07:04:31 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:0VlvzEvg1whn12VHtyYjZ4G93XW4hoteDcC+26GYFcC3pJE6MpApl4bxXYmm9X5o:07zJm12Bty8pqteDcNF3E3mpl7ZJUX
TLSH T1A8F43344D6B7247E0C67F3434A2F812EA758BA6272A44550EED3D3257F08D29AFCB478
Magika gzip
Reporter atrotossavainen
Tags:gz MassLogger


Avatar
atrotossavainen
From: "cargo_notice@mail.evergreen-line.com" <tender@ddylsteel.com>
To: undisclosed-recipients: ;
Subject: IMPORT UNCLAIMED CARGO NOTICE Ref-no: <<A5_DB54NXQP.CNT>>

Intelligence

File Origin
# of uploads :
1
# of downloads :
52
Origin country :
FI FI
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:DB54NXQP1.exe
File size:812'032 bytes
SHA256 hash: b2200413605207ffe207f090edd05e0bc57a7ca555bb350d3402e0a772a0fb73
MD5 hash: 4727a00ddf7e28f131a00d2404b8c1c8
MIME type:application/x-dosexec
Signature MassLogger
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Other.Malware-gen.99439553.UNOFFICIAL
Create hunting rule

Gathering data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
crypt formbook packed unsafe vbnet
Link:
https://www.filescan.io/uploads/69f996a62fcb905ec27f7053/reports/b4af3c33-7d8b-4e75-ae19-50b10a97e988/overview
Verdict:
Malicious
Labled as:
Malware.Generic
Link:
https://www.hybrid-analysis.com/sample/490a1129bc3a754001293f653954bd2a76f2dd5b847fd57a38fe553bcb9f56eb
Verdict:
Malicious
File Type:
gz
First seen:
2026-05-05T01:41:00Z UTC
Last seen:
2026-05-06T00:52:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/490a1129bc3a754001293f653954bd2a76f2dd5b847fd57a38fe553bcb9f56eb/results?tab=lookup
Score:
99%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/490a1129bc3a754001293f653954bd2a76f2dd5b847fd57a38fe553bcb9f56eb
Verdict:
inconclusive
YARA:
1 match(es)
Tags:
.Net Executable GZip Archive Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.32
Link:
https://app.malva.re/file/33133b3949ddef935dadcf44a1f6c99a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/490a1129bc3a754001293f653954bd2a76f2dd5b847fd57a38fe553bcb9f56eb/
Verdict:
Malicious
Threat:
Family.SNAKE
Link:
https://tip.neiki.dev/file/490a1129bc3a754001293f653954bd2a76f2dd5b847fd57a38fe553bcb9f56eb
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2026-05-05 06:15:07 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
20 of 38 (52.63%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jefbckn4hj2uaajjh5stsvf5fj3pfxk3qr75k6ry7zktxs47k3vq._file
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger collection discovery spyware stealer
Link:
https://tria.ge/reports/260505-h45bhsas8s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
System Location Discovery: System Language Discovery
SmartAssembly .NET packer
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Family: MassLogger
Malware Config
C2 Extraction:
https://api.telegram.org/bot8528232795:AAEcxrshf3NCvH1DpgB1iUuJ-dP6S1-Hbe0/sendMessage?chat_id=6623091671
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/490a1129bc3a754001293f653954bd2a76f2dd5b847fd57a38fe553bcb9f56eb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz 490a1129bc3a754001293f653954bd2a76f2dd5b847fd57a38fe553bcb9f56eb

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments