MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5bcbbf82aa7c1bde8cddd6a6d50b4b082555ddb0dd23dd468ef238850238ed2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5bcbbf82aa7c1bde8cddd6a6d50b4b082555ddb0dd23dd468ef238850238ed2a
SHA3-384 hash: d4e1c97d5e4c4ca229faddda354fc7aeb0a3db77e2bda19a5759440383c226ec03db77f14dfd4a87bee14fa58cd4fa1c
SHA1 hash: 4932392ebc7a8a56b784058c64d6325a7ef7f587
MD5 hash: 7e9981e9cb52526de52f424274cbed4c
humanhash: sad-romeo-leopard-eighteen
File name:Ref ____ New Tender 32-29-1441__.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'272'832 bytes
First seen:2020-08-18 08:43:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 639357242ed279ceaa4726408d2cc6d5 (10 x AgentTesla, 4 x Formbook, 3 x MassLogger)
ssdeep 24576:3F7OuHzkK4d7403c8UnJwgnvhU1rsZWx35Rh:3Fy+f8nc8UnJr21iWN5Rh
Threatray 529 similar samples on MalwareBazaar
TLSH FF45BE22BDF14836D0F31A784C5F7E749829BDD139F8855B7BE84C0C9E25E403969E8A
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: alanwarece.com
Sending IP: 185.222.57.169
From: Ibrahim Hassan Salem <admin@alanwarece.com>
Subject: New Tender 32-29-1441 (RFQ for Supplies)
Attachment: Ref ____ New Tender order 32-29-1441.zip (contains "Ref ____ New Tender 32-29-1441__.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47604/
Detection(s):
SecuriteInfo.com.BScope.Trojan.Crypt.5088.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending a UDP request
Using the Windows Management Instrumentation requests
Running batch commands
Creating a file
Launching a process
Deleting of the original file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5bcbbf82aa7c1bde8cddd6a6d50b4b082555ddb0dd23dd468ef238850238ed2a/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 19:52:13 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lpf37avkpqn55dg522tnkc2lbasvlxnq3ur52ruo6i4ikary5uva._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
0e8c4ea04759257bb250d60f1a3b1988888044fd06ce2f9fccef81b047eee4bc
MassLogger
1a8d85a16bcc49b33c11489af823ff2f15caa31ecb616330bb54a4ca5b261769
MassLogger
4afbf197b53084d8d3d79ffe791e17b5d4dcddec2b77a531cf33ffd54f3f64d0
MassLogger
81294a847822a4b2b75133370a6b627d8fd2db2470767608522c4229ffa88133
MassLogger
84742df4cd63ab373d601a9f4900b1b55f41ea5f48d93eaebb68b9fd4bf8235a
MassLogger
a4df7bd8daff5a4723055c7589244e1719c45223f09f42b06a621aad5ee1f2f4
MassLogger
b8789e245fdcc8f15b3e86a516660004980a8febea95077b7606e5bfc4a7bd31
MassLogger
c7202ac90daa5d696736a32eff2c930eba08332c9416ff6a464ce3ea17f414f9
MassLogger
df68e151234024e309edd6285be6afa2ac21b30fa660f3aefe4417b17ab27400
MassLogger
f38bf49d1b80576d1df0cea02b590d52b16dfd03acfa6f9776fb010bd88ec38d
MassLogger
+ 519 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
ransomware upx spyware stealer family:masslogger
Link:
https://tria.ge/reports/200818-w6rbqrjngx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
UPX packed file
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 51afbbb9e3948795cadcbc8d2ca5ed46cc31c052aaf1770890beeaecca0fdd49

MassLogger

Executable exe 5bcbbf82aa7c1bde8cddd6a6d50b4b082555ddb0dd23dd468ef238850238ed2a

(this sample)

  
Dropped by
MD5 f3715d268ee9513208434e3a92ccc85b
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47604/
  
Dropped by
SHA256 51afbbb9e3948795cadcbc8d2ca5ed46cc31c052aaf1770890beeaecca0fdd49

Comments