MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72d5c98fe79c389a77998ac369b5e679207b89aabb8b54cbe93346e7edc4a39a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 7

SHA256 hash: 72d5c98fe79c389a77998ac369b5e679207b89aabb8b54cbe93346e7edc4a39a
SHA3-384 hash: 58489c8931db8e57e84412aba8bc90c50c9803c256892613663446f9750d820135b4e687deab25caaaa5c4accaa63f3c
SHA1 hash: df7e7dc9966d4b423ae5013b842c4887ec953d4e
MD5 hash: 69b09d7deae0bc78e9be6fe9a545c6c4
humanhash: east-two-sweet-johnny
File name: Hesap hareketleriniz PDF.exe (Turkish: "Your account transactions PDF.exe")
Signature: MassLogger
File size: 1'103'872 bytes
First seen: 2020-07-24 07:47:58 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep: 24576:dhiA1ifJthK/Een6/sc5wgPP1kobln3YU:f3gxtc/P6/s549kmJ
Threatray: 717 similar samples on MalwareBazaar
TLSH: EB35F1052AC8195FF5AD37BAB3671420DB7AA5051AB6EF1E7EC6D0EC1C3332099417A3
Reporter: theDark3d
Tags: MassLogger
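The imphash above is shared with tens of thousands of unrelated AgentTesla, Formbook and SnakeKeylogger uploads, and the vendor detection name further down (ByteCode-MSIL) explains why: the sample is a .NET executable, and a .NET PE built with the standard toolchain carries a single native import, mscoree.dll!_CorExeMain, so every such binary has the same imphash (f34d5f2d4577ed6d9ceec516c1f5a744 is that well-known value). The following is an added example, not MalwareBazaar code, that reimplements the imphash algorithm the way pefile computes it so the collision can be reproduced; it assumes imports arrive as (dll, name_or_ordinal) tuples and does not reproduce pefile's small ordinal-to-name tables for ws2_32 and oleaut32.

```python
import hashlib

# Added example: pefile-style imphash. Each import becomes "dll.function" in lowercase
# with the DLL's .dll/.ocx/.sys suffix removed; the pairs are joined with "," in
# import-table order and MD5-hashed. Assumption: an unresolved ordinal is rendered as
# "ordN", which is what pefile does when the ordinal is not in its lookup tables.

def _normalise_dll(dll):
    d = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if d.endswith(ext):
            return d[: -len(ext)]
    return d

def imphash(imports):
    """Return the imphash (hex MD5) of an ordered list of (dll, name_or_ordinal)."""
    parts = []
    for dll, func in imports:
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{_normalise_dll(dll)}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()

# Constructed import tables. The first is the entire native import table of a typical
# .NET executable; the second is what a small native dropper might import.
DOTNET_IMPORTS = [("mscoree.dll", "_CorExeMain")]
NATIVE_IMPORTS = [("KERNEL32.dll", "VirtualAlloc"),
                  ("KERNEL32.dll", "WriteProcessMemory"),
                  ("USER32.dll", "SetWindowsHookExW")]

def dotnet_imphash_is_generic():
    """True when two differently-cased spellings of the .NET import table collide,
    i.e. the hash carries no family information for managed binaries."""
    return imphash(DOTNET_IMPORTS) == imphash([("MSCOREE.DLL", "_corexemain")])

if __name__ == "__main__":
    print(".NET   :", imphash(DOTNET_IMPORTS))
    print("native :", imphash(NATIVE_IMPORTS))
```

Use the hash values that actually vary between builds for pivoting on this sample (ssdeep, TLSH, the Threatray similarity count) rather than the imphash; for a managed binary the imphash only tells you "this is .NET".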

Intelligence

File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% directory
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
Unauthorized injection to a recently created process
Creating a file
Using the Windows Management Instrumentation requests
Running batch commands
Enabling autorun with Startup directory
Deleting of the original file
Result
Threat name: MassLogger RAT
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Behaviour
Behavior Graph (ID 250639; sample: Hesap hareketleriniz PDF.exe; start date: 24/07/2020; architecture: WINDOWS; score: 100)
Signatures on the submitted sample:
  Multi AV Scanner detection for submitted file
  Multi AV Scanner detection for dropped file
  Sigma detected: Scheduled temp file as task from temp location
  6 other signatures (not listed on this page)
Process tree:
  Hesap hareketleriniz PDF.exe
    dropped: C:\Users\user\AppData\Roaming\JpqCnt.exe (PE32)
    dropped: C:\Users\user\...\JpqCnt.exe:Zone.Identifier (ASCII)
    dropped: C:\Users\user\AppData\Local\...\tmpC8D6.tmp (XML)
    dropped: C:\Users\...\Hesap hareketleriniz PDF.exe.log (ASCII)
    signature: Injects a PE file into a foreign processes
    Hesap hareketleriniz PDF.exe (second instance)
      cmd.exe
        powershell.exe
          signature: Deletes itself after installation
        conhost.exe
    schtasks.exe
      conhost.exe
Result
Threat name: ByteCode-MSIL.Trojan.MassLogger
Status: Malicious
First seen: 2020-07-24 03:08:40 UTC
AV detection: 38 of 48 (79.17%)
Threat level: 5/5
Result
Malware family: masslogger
Score: 10/10
Tags: ransomware spyware stealer family:masslogger
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
MassLogger
MassLogger log file
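The three sandbox reports above agree on a small, detectable sequence: a task XML written to the temp directory and imported with schtasks.exe (the Sigma match "Scheduled temp file as task from temp location"), a second instance of the sample's own image that receives WriteProcessMemory and SetThreadContext calls (hollowing), and a cmd.exe to powershell.exe chain from that instance that deletes the original file. The following is an added example, not code from MalwareBazaar or any of the vendors, that encodes those three behaviours as detections and runs them over a constructed Sysmon-style event stream modelled on the process tree shown in the behavior graph. Field names, PIDs, the task name and the directory of the temp XML file are assumptions (the report elides the directory).

```python
import re

# Constructed event stream (not a real log): one dict per event, modelled on the process
# tree the sandbox reported for this sample. PIDs, the "Updates" task name, the cmd.exe
# command line and the Temp directory of the XML file are assumptions.
ORIGINAL = r"C:\Users\user\Desktop\Hesap hareketleriniz PDF.exe"
TEMP_XML = r"C:\Users\user\AppData\Local\Temp\tmpC8D6.tmp"

EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1, "image": ORIGINAL, "cmdline": f'"{ORIGINAL}"'},
    {"type": "file_create", "pid": 100, "path": r"C:\Users\user\AppData\Roaming\JpqCnt.exe"},
    {"type": "file_create", "pid": 100, "path": TEMP_XML},
    # second instance of the same image, then memory written and a thread context replaced
    {"type": "process_create", "pid": 200, "ppid": 100, "image": ORIGINAL, "cmdline": f'"{ORIGINAL}"'},
    {"type": "api_call", "pid": 100, "api": "WriteProcessMemory", "target_pid": 200},
    {"type": "api_call", "pid": 100, "api": "SetThreadContext", "target_pid": 200},
    {"type": "process_create", "pid": 300, "ppid": 100, "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": f'schtasks.exe /Create /TN "Updates" /XML "{TEMP_XML}"'},
    {"type": "process_create", "pid": 400, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c powershell"},
    {"type": "process_create", "pid": 500, "ppid": 400,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell"},
    {"type": "file_delete", "pid": 500, "path": ORIGINAL},
]

TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\|\\windows\\temp\\", re.I)
HOLLOWING_APIS = {"WriteProcessMemory", "SetThreadContext"}


def _procs(events):
    return {e["pid"]: e for e in events if e["type"] == "process_create"}


def _ancestry(pid, procs, max_depth=64):
    """Yield the process and its ancestors, nearest first; stop at an unknown parent."""
    for _ in range(max_depth):
        proc = procs.get(pid)
        if proc is None:
            return
        yield proc
        pid = proc["ppid"]


def detect_scheduled_task_from_temp(events):
    """schtasks.exe /Create importing its task definition from a temp directory.
    Returns [(schtasks pid, xml path)]."""
    hits = []
    for e in events:
        if e["type"] != "process_create" or not e["image"].lower().endswith("\\schtasks.exe"):
            continue
        if not re.search(r"/create\b", e["cmdline"], re.I):
            continue
        m = re.search(r'/xml\s+(?:"([^"]+)"|(\S+))', e["cmdline"], re.I)
        if m:
            path = m.group(1) or m.group(2)
            if TEMP_DIR.search(path):
                hits.append((e["pid"], path))
    return hits


def detect_self_hollowing(events):
    """A process spawns a child with its own image, then both writes the child's memory
    and sets a thread context in it. Returns [(parent pid, child pid)]."""
    procs = _procs(events)
    seen = {}
    for e in events:
        if e["type"] == "api_call":
            seen.setdefault((e["pid"], e["target_pid"]), set()).add(e["api"])
    hits = []
    for (src, dst), apis in seen.items():
        parent, child = procs.get(src), procs.get(dst)
        if (parent and child and child["ppid"] == src
                and parent["image"].lower() == child["image"].lower()
                and HOLLOWING_APIS <= apis):
            hits.append((src, dst))
    return hits


def detect_self_deletion(events):
    """A file_delete whose target is the image of a process in the deleter's own ancestry,
    i.e. the sample erasing itself through a cmd.exe -> powershell.exe child.
    Returns [(deleter pid, deleted path)]."""
    procs = _procs(events)
    hits = []
    for e in events:
        if e["type"] != "file_delete":
            continue
        if any(a["image"].lower() == e["path"].lower() for a in _ancestry(e["pid"], procs)):
            hits.append((e["pid"], e["path"]))
    return hits


def run(events=EVENTS):
    return {
        "scheduled_task_from_temp": detect_scheduled_task_from_temp(events),
        "self_hollowing": detect_self_hollowing(events),
        "self_deletion": detect_self_deletion(events),
    }


if __name__ == "__main__":
    for name, hits in run().items():
        print(f"{name}: {hits}")
```

The hollowing rule deliberately requires both API calls against the same parent-child pair with matching images; WriteProcessMemory alone is common in legitimate software, and the same-image condition is what distinguishes the self-injection this sample performs from injection into a system process. The self-deletion rule walks the process ancestry rather than matching a fixed cmd.exe/powershell.exe pair, so it still fires if the family changes the intermediate shell.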
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments