MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78cc69e2bac1d1082fdcd12ab9f73c8fbe177d4c77c3741a1f675afc19fde7df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 7



SHA256 hash: 78cc69e2bac1d1082fdcd12ab9f73c8fbe177d4c77c3741a1f675afc19fde7df
SHA3-384 hash: df9d18ace0555c519ed03452ca1f079e6bfc425a3b5eef39c685197aaeed7ccd0b1b38033a62c61611100fd5a308f70f
SHA1 hash: ae3cd291f2a022360896d4fae4f005f2b50a8364
MD5 hash: 0d89407b450dd157f3eac8a3a3850a07
humanhash: nitrogen-william-fanta-alanine
File name: SoapName.dll
Signature: MassLogger
File size: 93'696 bytes
First seen: 2021-01-07 15:09:45 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep: 1536:FsePiOhU+htr1bMLQxJQZpx3xtcQHbrjYXB55lov/Lp4zbhk1:l6OhU+/ragJ4px3xtcQnjcT5lMLp4JI
Threatray: 793 similar samples on MalwareBazaar
TLSH: 1693197B36E38A02D5585A7680A3112013F7D3CB3673D70E3E4852964F433EABA5ABD5
Reporter: James_inthe_box
Tags: dll MassLogger

Intelligence


File Origin
# of uploads: 1
# of downloads: 138
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Binary contains a suspicious time stamp
Machine Learning detection for sample
Behaviour
Behavior Graph:
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2021-01-07 15:09:41 UTC
File Type: PE (.Net Dll)
Extracted files: 4
AV detection: 7 of 28 (25.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 78cc69e2bac1d1082fdcd12ab9f73c8fbe177d4c77c3741a1f675afc19fde7df
MD5 hash: 0d89407b450dd157f3eac8a3a3850a07
SHA1 hash: ae3cd291f2a022360896d4fae4f005f2b50a8364
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
