MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55664cf94d480b95c4c7b287dcb36ef045e77e59c3fd77867c872aa51d8ddbf5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	55664cf94d480b95c4c7b287dcb36ef045e77e59c3fd77867c872aa51d8ddbf5
SHA3-384 hash:	efdcce8355ecae34a35e5bc92f64f7af9c0a49763332d97e49ebc4bc948219659680a22ae6a1c0c59f45daac53e8e3af
SHA1 hash:	15e737d57b9c86ee5c278a592b0a3470c38a787b
MD5 hash:	b053a441d906ff277f79fbb81c41d448
humanhash:	butter-sink-florida-skylark
File name:	NEW PO 5207DR.js
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	358'360 bytes
First seen:	2025-05-21 07:52:35 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	96:Z5s/BpZKBpnpsuBpZFBpMpsLBp9BpBprpsNBpZrBpkfspBp9uBprBpsHBpZKjBpB:tCsvAlyIOXpN8NTE
Threatray	1'495 similar samples on MalwareBazaar
TLSH	T1F0742B9DADE704AA35DFF730A68725BC99272754C90269FBA273F63310B8E5C10F1066
Magika	javascript
Reporter	abuse_ch
Tags:	js MassLogger

Intelligence

File Origin

# of uploads :

# of downloads :

431

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Script.SNH-gen.30663.20388.UNOFFICIAL

Sanesecurity.Malware.31898.UNOFFICIAL

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=682d8676c28c67d666437d17

Tags:

obfuscate xtreme shell

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

obfuscated

Link:

https://www.filescan.io/uploads/682d867a1de1514c6874c73a/reports/5eb3c758-5de1-4786-9369-97d3ab7aa0a7/overview

Verdict:

Malicious

Labled as:

JS/TrojanDownloader.Agent

Link:

https://www.hybrid-analysis.com/sample/55664cf94d480b95c4c7b287dcb36ef045e77e59c3fd77867c872aa51d8ddbf5

Result

Threat name:

n/a

Detection:

malicious

Classification:

troj.expl.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1695694

Signature

Connects to a pastebin service (likely for C&C)

Found suspicious powershell code related to unpacking or dynamic code loading

Found Tor onion address

Joe Sandbox ML detected suspicious sample

JScript performs obfuscated calls to suspicious functions

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sigma detected: Base64 Encoded PowerShell Command Detected

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Sigma detected: Script Initiated Connection to Non-Local Network

Sigma detected: WScript or CScript Dropper

Suspicious execution chain found

Suspicious powershell command line found

System process connects to network (likely due to code injection or exploit)

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Wscript starts Powershell (via cmd or directly)

Yara detected Powershell decode and execute

Yara detected Powershell download and execute

Behaviour

Behavior Graph:

Download SVG

Score:

57%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/55664cf94d480b95c4c7b287dcb36ef045e77e59c3fd77867c872aa51d8ddbf5

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/55664cf94d480b95c4c7b287dcb36ef045e77e59c3fd77867c872aa51d8ddbf5/

Threat name:

Script-JS.Backdoor.Remcos

Status:

Malicious

First seen:

2025-05-21 06:01:46 UTC

File Type:

Binary

AV detection:

7 of 24 (29.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kvtez6knjafzlrghwkd5zm3o6bc6o7szyp6xpbt4q4vkkhmn3p2q._file

Verdict:

malicious

Label(s):

novastealer

MassLogger

305a0d3548c9e87bd913a8c6bc8f8e5b3eebc5598466c7f40e99d82a24a84148

MassLogger

36c4b76918ad0cc2990097d29fe693eb3333709e20b33b97ab12d6ccbaf3e4bc

MassLogger

6e9fb253ec84086b218bb9e2f2993ac0a628e562073f1ed2bdcd21d3d65baead

MassLogger

abd1741192aa6e0d4291a33562e399c1dc503f9f9aec919d8e38ad07732a0954

MassLogger

error

MassLogger

+ 1'485 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

family:masslogger collection discovery execution persistence spyware stealer

Link:

https://tria.ge/reports/250521-jq57bswq14/

Behaviour

Modifies registry class

Script User-Agent

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Adds Run key to start application

Looks up external IP address via web service

Checks computer location settings

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

MassLogger

Masslogger family

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

MassLogger

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/55664cf94d480b95c4c7b287dcb36ef045e77e59c3fd77867c872aa51d8ddbf5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample