MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 944dd4b6c8ca52dad374b30433681424b44c0ba035ca07ea0d73451b5c75dbac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 5



SHA256 hash: 944dd4b6c8ca52dad374b30433681424b44c0ba035ca07ea0d73451b5c75dbac
SHA3-384 hash: b3858c11f2c7df96acefe182a9a5e4cba8a9fc470bf61150fe4139023be0b2112087e48aec8088510a7b729d1d984f8e
SHA1 hash: 9a5173f4e3fa34d60bd837966ee389fe42cadb80
MD5 hash: 17052bada2c3617185ee3e6bb472b099
humanhash: delaware-lithium-failed-low
File name: dll.bin
Signature MassLogger
File size: 87'552 bytes
First seen: 2020-10-01 14:53:16 UTC
Last seen: 2020-10-01 15:51:41 UTC
File type: DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 1536:yvgL0h5THFTDpsBdnt3roBMC1zBe9TtYupy7zPKsjwN2F9tWg0Kcl:egL0h5z9FkxoKCNBenZAaswa+gbY
Threatray 349 similar samples on MalwareBazaar
TLSH EE836B1237864715C92861B688EF092403EAABC73A73DB657E4DA39D1F133E3DE15788
Reporter Arkbird_SOLG
Tags: Loader MassLogger


ArkbirdDevil
DLL loader for extracting the ZIP which contains the MassLogger stealer. Used in the Italian campaign by the same TA since the end of September 2020.

Intelligence


File Origin
# of uploads: 2
# of downloads: 110
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour: Sending a UDP request
Result
Threat name: Unknown
Detection: suspicious
Classification: evad
Score: 22 / 100
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-10-01 14:55:06 UTC
File Type: PE (.Net Dll)
Extracted files: 4
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash:
944dd4b6c8ca52dad374b30433681424b44c0ba035ca07ea0d73451b5c75dbac
MD5 hash:
17052bada2c3617185ee3e6bb472b099
SHA1 hash:
9a5173f4e3fa34d60bd837966ee389fe42cadb80
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by
SHA256 f8ea7e1f4e765ebc2b767ee17e9b06bcd0da696eab92e16ef487537a8acbaf73
  
Delivery method
Distributed via e-mail attachment
