MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 619d55dafa6cfdc23580e3a1e8a57ef3a246a0163385f4a61a591ac0517d85f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 619d55dafa6cfdc23580e3a1e8a57ef3a246a0163385f4a61a591ac0517d85f6
SHA3-384 hash: 61c56a5bd2b75cbc103e8dc7702ba51ddba7d8044203fc1a8ac55190212e5f06026f3180d8706a285b00f28dc93aa9f3
SHA1 hash: 9e5fb6844e76687bb47f7b7e549307c95305fdae
MD5 hash: 029c7ec1040676551533408ef85d1f68
humanhash: ten-earth-queen-single
File name:wewewewe.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'429'504 bytes
First seen:2020-06-16 06:36:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 13e3b25d61048cd05148d20c4bd67a50 (4 x AgentTesla, 2 x Loki, 1 x MassLogger)
ssdeep 24576:j/jN1au14GrJjf/Eh5utAYflNF+4Z42pFDFww5guViad6gcdxRRXp:jNzJrMhclj+IppFDf/X81xRn
Threatray 2'159 similar samples on MalwareBazaar
TLSH B265BE22F2D04433C17E2A789D5B9674982ABE132D6C7F462BF5BD4C4F3924139363A6
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: ns5.bilsay.com
Sending IP: 89.252.181.243
From: Steffen Kromer <info@kayadibi.com>
Subject: FW: ORDER CONFIRMATION
Attachment: PO 06-16-2020.rar (contains "wewewewe.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10643/
Detection(s):
SecuriteInfo.com.Adware.Generic4.BBFB.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.CryptInjector
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 06:38:06 UTC
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mgovlwx2nt64enma4oq6rjl66oreniawgoc7jjq2lenmaul5qx3a._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
296b2d6c24dd68f7a59ea4388d979bba6572c288ab891cd35ec81e56c602318d
MassLogger
3e24bc0f9fdba289c0ab90cd86709b32eb6903abc8f3843c07ca74d1af36a6a9
MassLogger
49ebdee0fec93cc0c1815c018bdff160a61568e5e1369336918a97724dd4ad72
MassLogger
5d0fe828d087e58c38d1724aeced199e4fb352535621e09ab4875a2f960ddabb
MassLogger
69e387471bff853ae6859cf19342f4cf208a26c80a424454b8745d359434f988
MassLogger
70f61a0649bdf59239f4e789021e707fd14e40e290e8735ff48fdff5ac000d92
MassLogger
a564fdfc9313e139ccabe2e6b1154598ea3baebd20abde1125a6513789b54fa4
MassLogger
c2a4d9a5ece1ce942c2c24ae899b30f499986d0f8501ded296ca48cfeaf9353e
MassLogger
d730df4850006dea47a1820961961672cc08042a07d4bace39568261d1de2ddc
MassLogger
d7f723006bca775ea723bcb6af0415357efe543e37791d2997b5100f4c775708
MassLogger
+ 2'149 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger ransomware spyware stealer upx
Link:
https://tria.ge/reports/201109-5bw1fbm5rs/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Drops startup file
Reads user/profile data of web browsers
UPX packed file
MassLogger
MassLogger Main Payload
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 73fa7d72535f68d0def7fc2a838c2f8b175e13128f774fdbd6b4335dc95c0453

MassLogger

Executable exe 619d55dafa6cfdc23580e3a1e8a57ef3a246a0163385f4a61a591ac0517d85f6

(this sample)

  
Dropped by
MD5 fcc56c065e96674cbf351e65094f9ef7
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 73fa7d72535f68d0def7fc2a838c2f8b175e13128f774fdbd6b4335dc95c0453
Cape
Cape
https://www.capesandbox.com/analysis/10643/

Comments