MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 15


Intelligence 15 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a
SHA3-384 hash: 32b727f43164d01dd22b8bd8d107074563b69305beb6099eb0cdd5d67dc33f2f02549c04cb74aa0f1e2778eff46f3f4e
SHA1 hash: 8ff66df1a855031dfe12db173580c43315a6488c
MD5 hash: d24d95ad6e47389bb0c71485d9be9282
humanhash: ink-november-pizza-beryllium
File name:55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a
Download: download sample
Signature MassLogger
Create hunting rule
File size:902'144 bytes
First seen:2025-11-06 10:20:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'843 x AgentTesla, 19'774 x Formbook, 12'297 x SnakeKeylogger)
ssdeep 24576:BHKAU4p8VJ/LvE0eS2orQLtMAMeFySnqQex44w:BHKN4GVL80eSjQhMAvFyEqQex44w
Threatray 3'974 similar samples on MalwareBazaar
TLSH T1791522583AEDC692D1631BB89E75C17447F0BE5CAA32EB4A1ED96CDF7476B800181383
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter adrian__luca
Tags:exe MassLogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
138
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a
Verdict:
Malicious activity
Analysis date:
2025-11-06 11:18:05 UTC
Tags:
stealer snake keylogger evasion ims-api generic
Link:
https://app.any.run/tasks/bbba3e7d-d8ef-4483-8879-8ba8d61b4036

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/35682/
Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=690c76a05a5ed7864e236eeb
Tags:
backdoor botnet hype
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Gathering data
Verdict:
Malicious
Labled as:
Jalapeno.Generic
Link:
https://www.hybrid-analysis.com/sample/55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-10-10T07:12:00Z UTC
Last seen:
2025-11-07T15:12:00Z UTC
Hits:
~1000
Link:
https://opentip.kaspersky.com/55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/d62d3b04-cf66-41d6-9979-e5f030779688
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.43 Win 32 Exe x86
Link:
https://app.malva.re/file/d24d95ad6e47389bb0c71485d9be9282
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a/
Threat name:
ByteCode-MSIL.Trojan.VIPKeylogger
Create hunting rule
Status:
Malicious
First seen:
2025-10-10 13:52:36 UTC
File Type:
PE (.Net Exe)
Extracted files:
8
AV detection:
21 of 24 (87.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kuary7txmblbfyjynur5foydmizsnpiedqdx46it2avrn6o5qvfa._file
Verdict:
malicious
Label(s):
novastealer
Create hunting rule
unc_loader_037
Create hunting rule
Similar samples:
3f2a428fd841cfcc962fc2f384208a4226845394bb253341dbe1fff05069a2c8
MassLogger
4aa26829657bbdb5983129321451365832a69fde42f22687b9a7c598f2e04301
MassLogger
75691dfc15e24ea4920f9309bc68aedf808fb60379c0410d898cafaab4f8328b
MassLogger
baa4644728c7e2bb52305701569700be80e76adf9a50bdca2faa54eed64cfc9f
MassLogger
e891403f8727f8c2c54ae409611a0e5e1d3ff015d3172156b761a908bb40b177
MassLogger
error
MassLogger
+ 3'964 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger collection discovery spyware stealer
Link:
https://tria.ge/reports/251106-mdsx1szlfy/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
MassLogger
Masslogger family
Malware Config
C2 Extraction:
https://api.telegram.org/bot8444333453:AAHge7NyKHU_EwZxbErc1RxR1KxrAEpHz_M/sendMessage?chat_id=7785719799
Verdict:
Malicious
Tags:
404Keylogger
YARA:
n/a
Link:
https://app.threat.zone/submission/00f9ade2-cc4c-4be2-b65d-601f3e052c46
Unpacked files
SH256 hash:
55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a
MD5 hash:
d24d95ad6e47389bb0c71485d9be9282
SHA1 hash:
8ff66df1a855031dfe12db173580c43315a6488c
Link:
https://www.unpac.me/results/be73b2c5-8f45-4c5c-a34f-35aa80c97f31/
SH256 hash:
550cca2ac6bd7e9c694a61f1db92b95d96903bb49611d3b5719890b3149266c3
MD5 hash:
8fd9b1406f22552f40f1df10a8581065
SHA1 hash:
134a8c9044f64d2a76a1002ccfe1974bd76b66bf
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/be73b2c5-8f45-4c5c-a34f-35aa80c97f31/
SH256 hash:
6f6db5633fd026acbea80701ab558fbb29fa2a9508b152891a43454751039dd1
MD5 hash:
cbdc167a5f0da5305940da3c346fac02
SHA1 hash:
4224ea1e06a32399cc1e0a6aff756ebb5e984f52
Link:
https://www.unpac.me/results/be73b2c5-8f45-4c5c-a34f-35aa80c97f31/
SH256 hash:
a6aed5bb77bb9fdd38a1b664b6549c79da4c882bade86a3a3b2c3e8eb02ff56e
MD5 hash:
91549db3da30b91712adf78a5837e6ee
SHA1 hash:
f96a62be7ff56e3156268a8806891d686ffe3071
Link:
https://www.unpac.me/results/be73b2c5-8f45-4c5c-a34f-35aa80c97f31/
SH256 hash:
df1d946377cb1a0fe66acafa5be72d9d14126a0271f5afb995419c705ae8995c
MD5 hash:
9970322c64842106caae0b2717c495b2
SHA1 hash:
76efdfee4acfed23c5ba7141f0116114875f21e2
Detections:
win_404keylogger_g1
Create hunting rule
win_masslogger_w0
Create hunting rule
MAL_Envrial_Jan18_1
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Link:
https://www.unpac.me/results/be73b2c5-8f45-4c5c-a34f-35aa80c97f31/
Parent samples :
55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a
5d16ece654d58afcb6b04849ee6655c2f709e68c6b65b6c6a26a0e9cf33bc52b
SH256 hash:
10d842a69fb0ccc49d5d903718b88b75ee59b2088cb62af2d89682b0b3176f0c
MD5 hash:
f72c866b35be39ccf903ce9db9f8fece
SHA1 hash:
a18fe959b67369b25075246a0712f287707e0e4c
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/be73b2c5-8f45-4c5c-a34f-35aa80c97f31/
Parent samples :
55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a
5d16ece654d58afcb6b04849ee6655c2f709e68c6b65b6c6a26a0e9cf33bc52b
Malware family:
PrivateLogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/55011c7e7760/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/55011c7e77605612e1386d23d2bb03623326bd041c077e7913d02b16f9dd854a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/35682/

Comments