MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6030faadae8d2aa1b94b06da9c0d4ed3ce33076a1bc04218027519b1043a6a95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6030faadae8d2aa1b94b06da9c0d4ed3ce33076a1bc04218027519b1043a6a95
SHA3-384 hash: d0baa985396ae8d37ffd64a2582c408f28827723505099edcf7c360ee84eb94e149e6f976410bd6a54d3ed2d8b6a5a30
SHA1 hash: 609af629da07ae0ebbe39c2de2502752f5e4553f
MD5 hash: 05e6d0fec133b11165f4db25f7256682
humanhash: pip-carpet-bakerloo-california
File name:Wsp1Y2kaMZ5npFn.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:887'296 bytes
First seen:2020-09-29 05:29:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'643 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 12288:P+jP6eP9b2N+P7SeThWBfeiRR/Zqa5vQLuB0pnebzv019XdctgSq3X0OywVtBycv:GjP6+3P7SG8Rh51819tN7VtB7
Threatray 249 similar samples on MalwareBazaar
TLSH EE15E0DAEF446A7AC2AD2C3880B0FEAE43FDC5571E52E7590473B82889326911F51DD3
Reporter cocaman
Tags:exe MassLogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/66617/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Unauthorized injection to a recently created process
Creating a file
Using the Windows Management Instrumentation requests
Launching a process
Deleting of the original file
Result
Threat name:
MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/477084
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Yara detected MassLogger RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6030faadae8d2aa1b94b06da9c0d4ed3ce33076a1bc04218027519b1043a6a95/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-09-29 00:07:46 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=maypvlnoruvkdokla3njydko2phdgb3kdpaeegacoum3cbb2nkkq._file
Verdict:
malicious
Label(s):
masslogger
Create hunting rule
Similar samples:
0a64f93aa274c2da0f686f8ad410699495d1aa8b68efbd5829e95cb226cc97ee
MassLogger
234b2c300af5e4ac2001332e07c2e54bd48dac174cf8b5d0c486a3cc6076043c
MassLogger
59266059bf9ed1325138907f3f74f4838600be78e310b8165333935e18817d5a
MassLogger
9bf180bb7b3cc0fcc6d01b68e2aa82d2f853e081ec71e34942d875324a2415b4
MassLogger
9c4a2d8473718bdb1725450b6f0567098006b9aa89fbd913acab1bab0857143d
MassLogger
9f0866780aa84107697212f1b3578777c450861c02a6e01f5741de28c858900c
MassLogger
ab7cc003aa4d6807236dcd8983804a44a460a462c0e6d4ef70b3030f8ab6b366
MassLogger
c7f039cff52a5c1de59fb782259f3fd2054946e9fca03d364f61c7977128dcca
MassLogger
f23b9e7560ded009508ff2a4dd75507d7bf087ad69c47fc5320af052d95fa814
MassLogger
fc8f5c635abe5534833683141ae57470c09a246eb290895ce748d1bede405c25
MassLogger
+ 239 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
spyware
Link:
https://tria.ge/reports/200929-ltrsn3l9f2/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Deletes itself
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
a4612b33f96fda74da865774e0ff7c8448bbc3986b065eb9e754634b8505b920
MD5 hash:
6ff22fe097d6fb9979ab479425223bae
SHA1 hash:
93689df85a240b4b4f4e4e3f56a24522e846103a
Link:
https://www.unpac.me/results/fdc624b1-011c-4801-b922-9f869397c72a/
SH256 hash:
729a1b125fb330463c22a87c061e384300f49bd9d6793836bb3e52bcb61cc03f
MD5 hash:
ac3f427e66b28b013b0b651c2f71d1e9
SHA1 hash:
ddf8b4b1d36aced75740632b41d30add06b5db3d
Link:
https://www.unpac.me/results/fdc624b1-011c-4801-b922-9f869397c72a/
SH256 hash:
9fa4bd192773dfc684e2d0d7a15054220a2c3a4418d2a46c1e245f34ba88fa85
MD5 hash:
2590b65af13e5325d936c62743e003ea
SHA1 hash:
ed3c2da29c2f623aa9769ee822c5263434a61acc
Detections:
win_masslogger_w0
Create hunting rule
Link:
https://www.unpac.me/results/fdc624b1-011c-4801-b922-9f869397c72a/
Parent samples :
6030faadae8d2aa1b94b06da9c0d4ed3ce33076a1bc04218027519b1043a6a95
cc8e79ce79d0078b6483062f8fc8d187f5fdcf92c9f51db25551a19d22af0a87
5b32ffc4c10114b55115da9f2c6e4ee22222f5d305552daf00a287b82d66c9dc
2d72381a89f07ac880d001d5cec532b9900db1030fc269687752863174fab88f
SH256 hash:
6030faadae8d2aa1b94b06da9c0d4ed3ce33076a1bc04218027519b1043a6a95
MD5 hash:
05e6d0fec133b11165f4db25f7256682
SHA1 hash:
609af629da07ae0ebbe39c2de2502752f5e4553f
Link:
https://www.unpac.me/results/fdc624b1-011c-4801-b922-9f869397c72a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Gamarue
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6030faadae8d2aa1b94b06da9c0d4ed3ce33076a1bc04218027519b1043a6a95

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 12e063fa87cf457809c5ccc5e850c2f471bfedec9237d611903691e8ba604ee3

MassLogger

Executable exe 6030faadae8d2aa1b94b06da9c0d4ed3ce33076a1bc04218027519b1043a6a95

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 12e063fa87cf457809c5ccc5e850c2f471bfedec9237d611903691e8ba604ee3
Cape
Cape
https://www.capesandbox.com/analysis/66617/

Comments