MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6086e45ae6ae2ddfa775d72355d5c9a4c6d9aab84c96412af7d4a1b82ed6f28d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6086e45ae6ae2ddfa775d72355d5c9a4c6d9aab84c96412af7d4a1b82ed6f28d
SHA3-384 hash: 5b17f268c02de7a3bc2346d0fb0d59f868867fc6d7d868b32e561fe67b05b3cf83328d469b428884f180cfd068fc52b0
SHA1 hash: 631002f475e0bebc74c4896b294eced0d6758946
MD5 hash: b670532dbe1f78e7479648c015756837
humanhash: twelve-snake-romeo-rugby
File name:b670532dbe1f78e7479648c015756837.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'016'320 bytes
First seen:2020-09-20 04:12:00 UTC
Last seen:2020-09-20 04:44:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 24576:8NV2pSdrMvP3ApiuTS9ei8jtytauDQBvlZ:vMEfciuRi8MQA8vl
Threatray 456 similar samples on MalwareBazaar
TLSH C92502712F949B55E47EE73A00100210CBF1E162C321F76ABDED60AD5BA5BC2837E756
Reporter abuse_ch
Tags:exe MassLogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
152
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43859521.23603.17124.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
Unauthorized injection to a recently created process
Creating a file
Enabling autorun by creating a file
Result
Threat name:
MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/470763
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Scheduled temp file as task from temp location
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AntiVM_3
Yara detected Costura Assembly Loader
Yara detected MassLogger RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6086e45ae6ae2ddfa775d72355d5c9a4c6d9aab84c96412af7d4a1b82ed6f28d/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-09-18 01:20:41 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
masslogger
Create hunting rule
Similar samples:
0a19a947700333633a48cf56c2eff8667d3dd9eaa4f3b06a92ef6b0d8eda1be5
MassLogger
174a316b65f50415eec6231fb7d226c7be795126530aaf5ceb189aab488bc954
MassLogger
5445e1817d6ebedcb6026a8b5ea2f517ece1b7056a82342b490f4351f57293cd
MassLogger
580351bd9c6d299a40b21218cbfa540ff1ef7b6f894be6a90ca3645bf3567d87
MassLogger
5e32d07c21d72fb6e5b1c48c92ab18268ff5121b8e2ccfda9740152d896e30c2
MassLogger
7a9db016061e639e075ceccfb5fb7253755b51d8a5df21d816bffb2fcea9a5b4
MassLogger
86ed6977987add53f64bba4255eb2552d4b67ecf915186b4a18ebf027c238395
MassLogger
8bc0a287e7c20feba8e4006c7683503eeabfa9fddfb14c8f80d8a92ef09b6fd6
MassLogger
93d22d39577ab983c75badd9019b57420a4e2bfc300d6a37d90885d823396058
MassLogger
ca9c301658fdb13e13f150a15e35349aac1ad323061965c6a2f1280438e9b139
MassLogger
+ 446 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
ransomware spyware stealer family:masslogger
Link:
https://tria.ge/reports/200920-whykt8rek6/
Behaviour
Creates scheduled task(s)
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Reads user/profile data of web browsers
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
MassLogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6086e45ae6ae2ddfa775d72355d5c9a4c6d9aab84c96412af7d4a1b82ed6f28d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

MassLogger

Executable exe 6086e45ae6ae2ddfa775d72355d5c9a4c6d9aab84c96412af7d4a1b82ed6f28d

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/63841/
  
URLhaus
https://urlhaus.abuse.ch/url/412465/
  
Delivery method
Distributed via web download

Comments