MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 725cf95ae383693e9d93b749eae3f529fb3df6545d44afb6da70425c6c74a06d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 725cf95ae383693e9d93b749eae3f529fb3df6545d44afb6da70425c6c74a06d
SHA3-384 hash: e6a1086610e1312bfcf48f97ea984e72011f0f003461049078554bb35602a423fd5c55c7043b951f3a7248ce682a6a9a
SHA1 hash: 41363edb226ff45d930aa2cbc4f5396d6615dd4a
MD5 hash: db2b6d961f752c0d0ab23ebe34ceb98a
humanhash: robert-charlie-indigo-idaho
File name:2.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'146'880 bytes
First seen:2020-07-23 14:53:18 UTC
Last seen:2020-07-23 15:53:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'597 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:MqIFARbs+BvIFDC9EauiQRiF5C2uQivShndZh3mQGogeKZ3D58i26IWS/PvMWPFp:HLRAPaSiPTHiIFNgeY3Dt9IrM14
Threatray 715 similar samples on MalwareBazaar
TLSH C635BF49D7B6E8E5FB2A037DE07108166F61981A63C9E21D27CAF1693C333418653DBB
Reporter James_inthe_box
Tags:exe MassLogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Ispy
Create hunting rule
Link:
https://www.capesandbox.com/analysis/31842/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.398.23680.22702.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Creating a file
Using the Windows Management Instrumentation requests
Running batch commands
Launching a process
Deleting of the original file
Result
Threat name:
MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/396480
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 250524 Sample: 2.exe Startdate: 24/07/2020 Architecture: WINDOWS Score: 72 26 Multi AV Scanner detection for submitted file 2->26 28 Yara detected MassLogger RAT 2->28 30 Machine Learning detection for sample 2->30 32 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->32 8 2.exe 1 2->8         started        process3 file4 24 C:\Users\user\AppData\Local\...\2.exe.log, ASCII 8->24 dropped 34 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->34 36 Injects a PE file into a foreign processes 8->36 12 2.exe 2 8->12         started        14 2.exe 8->14         started        16 2.exe 8->16         started        signatures5 process6 process7 18 cmd.exe 1 12->18         started        process8 20 powershell.exe 19 18->20         started        22 conhost.exe 18->22         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/725cf95ae383693e9d93b749eae3f529fb3df6545d44afb6da70425c6c74a06d/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-23 14:52:37 UTC
File Type:
PE (.Net Exe)
Extracted files:
19
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ojopswxdqnut5hmtw5e6vy7vfh5t35sulvck7nw2obbfy3duubwq._file
Verdict:
unknown
Similar samples:
1babda8db79c5d785a60d3d2bd721a9cbcab037420c47bcb2bfbfdaad5797124
MassLogger
1c2f10aaf4e8b9a9e90316e8b470616bac893609cd85374cb11bb4a1a3971e5b
MassLogger
24c3db1cd309ee9540594ce299840ea8257095a2ac4d6c9576514e84def27357
MassLogger
3f97dfbae448b3eb28d6f08f666029037d890dc94dbce0e372b4dd2a63fd037f
MassLogger
5d5405cf3198047a427b4da472f40ab86a0cd75b9c07f3b8be17e6bca87c149f
MassLogger
63b7d1315ae6db5a6f0c66fd1e8ade94a83a9bda0eb3864734e511c087430d7c
MassLogger
72d5c98fe79c389a77998ac369b5e679207b89aabb8b54cbe93346e7edc4a39a
MassLogger
911487d7a2f529a62f18bb148dada4366bab2a1d8d4a240133674b2790dfef30
MassLogger
afdef065db92bacabeb6a8b638ff1adcded1a0f578c36ac89128d13cdf701234
MassLogger
f8bfe504676559b37494dd204efc4974a7a08f2abafdbee5a8e75bc6df16e5d5
MassLogger
+ 705 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
ransomware spyware stealer family:masslogger
Link:
https://tria.ge/reports/200723-b983dtpjka/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Creates scheduled task(s)
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
MassLogger log file
MassLogger
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/725cf95ae383693e9d93b749eae3f529fb3df6545d44afb6da70425c6c74a06d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/415766/
Cape
Cape
https://www.capesandbox.com/analysis/31842/

Comments