MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8908918728286712e2f32e8319e75af0341d9c1bebe07ee460362d4752d6f1e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8908918728286712e2f32e8319e75af0341d9c1bebe07ee460362d4752d6f1e8
SHA3-384 hash: 1bc84bed96f9be0743df2881caa14e9452ade0565f37b3973b96163a2292433027c5b9539f58afe9a835686a2dc5fdaa
SHA1 hash: 825866a00a7b2d9a94a9da0d865394bf3bb99920
MD5 hash: 3007a546519fb74394d5819ffd5e2ff1
humanhash: twelve-uranus-enemy-october
File name:6784Y487302922.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'296'384 bytes
First seen:2020-06-16 13:16:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'665 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:pm9QjS7M6VEt60A3ScGKXOuunBaHQ79DaOL7NvAi+nna4TAGSc6qyQp9ayS9OncM:4uCM6NR3SK+uunsQ79262iAaQAGScL
Threatray 1'724 similar samples on MalwareBazaar
TLSH 7C554B3639C25824C639063680B9AAC5A7F6A7413653D71FF0AB039B9F0279F7B164CD
Reporter abuse_ch
Tags:ESP exe geo MassLogger Santander


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: mail.acobur.es
Sending IP: 81.169.213.230
From: Factoring y Confirming - Grupo Santander <fycout@gruposantander.com>
Subject: Confirming - Aviso de pago
Attachment: 6784Y487302922.GZ (contains "6784Y487302922.exe")

MassLogger SMTP exfil server:
smtp.mail.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Ispy
Create hunting rule
Link:
https://www.capesandbox.com/analysis/11015/
Detection(s):
SecuriteInfo.com.ArtemisTrojan.13570.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 13:18:04 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=reejdbzifbtrfyxtf2brtz226a2b3ha35pqh5zdagywuouww6hua._file
Verdict:
suspicious
Similar samples:
0d46f6cd2186a84326476f3d5a76b4060889d787c92cd0aa7e77eeceb1cc05b6
MassLogger
2e38449ec685638089e3863a2c03ba15c8b18b16f9e75ec869a4b87c34aabd28
MassLogger
49ebdee0fec93cc0c1815c018bdff160a61568e5e1369336918a97724dd4ad72
MassLogger
9570bbdb530065408a2c3d51801fcbb4bd0e5de8ce10b71096dcc8eac4571988
MassLogger
afb36acc2f0bbabca29232e70f3d7aadc4106083e90b60dc432fbe1db98ddbf7
MassLogger
b18c9e75825836541b9d7015a4a53dacddae7bb29c3bedbca9758349d9de7425
MassLogger
be5e5be8981ef261f24b21b1d6b67f5041d10ecc3eb3697a67142d43e71c7ece
MassLogger
cd84429e1881bd2029dc69963d9fd46049b11c50e2af7b8aae34ec877dda42e9
MassLogger
ead217093eb194a4c15621c50213435e6e7bb2d955a4cd38a3f20acd099fba7b
MassLogger
ece833b1eb93817bbbdaa4e6ae2c05da09afd81704edc29c0908af20156710c5
MassLogger
+ 1'714 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
ransomware spyware stealer family:masslogger
Link:
https://tria.ge/reports/200624-d1vqd1jg1s/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
MassLogger log file
MassLogger
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:masslogger_gcch
Create hunting rule
Author:govcert_ch

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz 56cdab11e53a0e5874133e04e90e5829f9d28a3cfd215a5f9e98c3b146bb3c1a

MassLogger

Executable exe 8908918728286712e2f32e8319e75af0341d9c1bebe07ee460362d4752d6f1e8

(this sample)

  
Dropped by
MD5 5964c57dd10a4d1ac63f9f2782c25f6c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 56cdab11e53a0e5874133e04e90e5829f9d28a3cfd215a5f9e98c3b146bb3c1a
Cape
Cape
https://www.capesandbox.com/analysis/11015/

Comments