MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75139a48d485f359d57726464104e7dd840bb1d26457d9780363d1360a83e12d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 6



SHA256 hash: 75139a48d485f359d57726464104e7dd840bb1d26457d9780363d1360a83e12d
SHA3-384 hash: 59478dd7589f0721a7c561601661368d22670df3d5d65843737df094988760ff65dc954b350520172e087c9a0fdd2e7f
SHA1 hash: 9761a6e32342024a0888399db4daa8cda27d5717
MD5 hash: 62e3526b3d1203569dc196c7ad07217c
humanhash: freddie-rugby-low-seven
File name: b15d2739ffc11dd2922c9b6f89e1b884
Signature: MassLogger
File size: 902'656 bytes
First seen: 2020-11-17 15:15:23 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 09731745edb87bde64ef9361c2d2a14c (3 x MassLogger, 1 x RemcosRAT, 1 x AgentTesla)
ssdeep: 12288:AwLuNDl9lm+470o3IJ0yRa40Jl2QhQV29qjgQCoKZ5slH1s2kAGCONgWX4TDJb31:AwqhvDipFyRaNl/hVUgndLTgWX4Thc2
Threatray: 316 similar samples on MalwareBazaar
TLSH: DA1512513492D133C533437048A9EAF43A3ABD5117314827BFD83A6D6EB6BD1927A3A2
Reporter: seifreed
Tags: MassLogger

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour:
Sending a UDP request
Creating a file in the %temp% subdirectories
Creating a file
Running batch commands
Launching a process
Modifying an executable file
Unauthorized injection to a recently created process
Creating a window
Enabling autorun by creating a file

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Fugrafa
Status: Malicious
First seen: 2020-11-17 15:23:03 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 75139a48d485f359d57726464104e7dd840bb1d26457d9780363d1360a83e12d
MD5 hash: 62e3526b3d1203569dc196c7ad07217c
SHA1 hash: 9761a6e32342024a0888399db4daa8cda27d5717

SHA256 hash: 6dd1eac2a9acbab22d96c00403269f6144b9a13908a2845276e0365c1e90d144
MD5 hash: 87c4d24048ee1d40b52b029dca65520a
SHA1 hash: d40002b80e37108b933caeb537fcf6f9cf9a430c
Detections: win_masslogger_w0

SHA256 hash: 6816e73811caa9fcd76277481919ac7d660111889541b1f4d5ea18905e707fb4
MD5 hash: 1ffc0b8db41360861a07a0b0cef9a7f0
SHA1 hash: f3458884c98efa6f091337564da89467d3f3d22e
Detections: win_masslogger_w0

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Keylog_bin_mem
Author: James_inthe_box
Description: Contains Keylog

Rule name: masslogger_gcch
Author: govcert_ch

Rule name: win_masslogger_w0
Author: govcert_ch

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
