MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 14


Intelligence 14 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29
SHA3-384 hash: 88a19d2961b3dbfb142d8322a034214fe8dabff4054f822fade9e3b0345cd38b3442514eaa60b17d7cc06379fc27b370
SHA1 hash: 8492dcd12c3940d1111875cce6b0e67f82a35f6f
MD5 hash: bac18c4f83f6c7730d3582955de30b9f
humanhash: autumn-carpet-ink-solar
File name:95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'014'272 bytes
First seen:2026-03-06 15:40:39 UTC
Last seen:2026-03-06 16:31:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'843 x AgentTesla, 19'775 x Formbook, 12'297 x SnakeKeylogger)
ssdeep 12288:Pveikl14kuQwVokGOuXJxNB3+MLi6j2YI1Qsc6F3lrK/CDNTIdGzXsbIoo:8GoNOYwMWgsjF3lesT4GzXiG
Threatray 12 similar samples on MalwareBazaar
TLSH T10925AD0023E8DF65F9BEAB7812F4247503F5FA069632DB2F6E5990A95C25B814E43733
TrID 72.4% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
6.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.4% (.EXE) Win64 Executable (generic) (6522/11/2)
4.4% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Magika pebin
Reporter adrian__luca
Tags:exe MassLogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
98
Origin country :
HU HU
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
_95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29.exe
Verdict:
Malicious activity
Analysis date:
2026-03-06 16:09:48 UTC
Tags:
netreactor evasion snake keylogger telegram stealer spyware
Link:
https://app.any.run/tasks/cfb5c0fc-7fda-4f4b-aacd-82f48a471904

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
VIPKeyLogger
Create hunting rule
Link:
https://www.capesandbox.com/analysis/56419/
Detection(s):
SecuriteInfo.com.Win32.MalwareX-gen.44936638.UNOFFICIAL
Create hunting rule

Gathering data
Verdict:
Malicious
Labled as:
Trojan.Mardom.MN.Generic
Link:
https://www.hybrid-analysis.com/sample/95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29
Verdict:
Malicious
File Type:
exe x32
Detections:
Trojan-PSW.SnakeLogger.HTTP.C&C PDM:Trojan.Win32.Generic HEUR:Trojan.MSIL.InjectorNetT.gen
Link:
https://opentip.kaspersky.com/95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29/results?tab=lookup
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b13849a9-099e-4b3f-a998-bcbffc9439d8
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29/
Verdict:
Malicious
Threat:
Family.SNAKE
Link:
https://tip.neiki.dev/file/95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29
Threat name:
ByteCode-MSIL.Trojan.Mardom
Create hunting rule
Status:
Malicious
First seen:
2026-02-27 08:30:18 UTC
File Type:
PE (.Net Exe)
Extracted files:
28
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=swtwtr7dwczxfy7e3fjucj6wd7po7emgztez5wemxiaeemly3iuq._file
Verdict:
malicious
Label(s):
purecrypter
Create hunting rule
vipkeylogger
Create hunting rule
Similar samples:
24d6cbd8f4eb920651f82adb1288cd4d5227f6bcd8fe71341ebdeb434bbfae01
MassLogger
9899fe72ae403fa3a68ea803f410e50db67918a96a080bcebe3d947148d81cd8
MassLogger
b201a03fc29a92568f2b8eb6b1e838f6f219113c0b523dae531ea737ab9da912
MassLogger
d602128bef26396a9ce57e55bdfdd512b3f8e292cd7e7de5870e3ec81dcc884b
MassLogger
dbd4edd258813db2cac4abddb2a4230b62874591c09daa6ffbcd5c9022ebd042
MassLogger
error
MassLogger
+ 2 additional samples on MalwareBazaar
Result
Malware family:
vipkeylogger
Create hunting rule
Score:
  10/10
Tags:
family:vipkeylogger collection discovery keylogger spyware stealer
Link:
https://tria.ge/reports/260306-s4k8rahy6r/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
.NET Reactor proctector
Reads user/profile data of local email clients
Reads user/profile data of web browsers
VIPKeylogger
Vipkeylogger family
Unpacked files
SH256 hash:
95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29
MD5 hash:
bac18c4f83f6c7730d3582955de30b9f
SHA1 hash:
8492dcd12c3940d1111875cce6b0e67f82a35f6f
Link:
https://www.unpac.me/results/516ba1d3-da40-46b3-ae51-f48a948e856a/
SH256 hash:
18bf646fad26a0aa1264cac867789c6d9f4de762bc83b9aeeff0f8d8d48ee6ac
MD5 hash:
4faf9d90e22fe6f5452ab806bb763ed7
SHA1 hash:
564455391f73d9d8f3baf3b907dfb9723f249820
Link:
https://www.unpac.me/results/516ba1d3-da40-46b3-ae51-f48a948e856a/
SH256 hash:
69b83d39655ef00f775e5bc22b91874d629e68319550000343c581318fbe6fd4
MD5 hash:
b02d83e8ecf71c6399a3b3be638fb93b
SHA1 hash:
dfaff9ecb5aeab521334bf05aa7832d3d9af9451
Link:
https://www.unpac.me/results/516ba1d3-da40-46b3-ae51-f48a948e856a/
SH256 hash:
c47ada3392dd20199b6d259e6afa093674a2a829051ddf30b38dd34d1fcebd29
MD5 hash:
2c8ba1fe8e140fc5c280a79b47372139
SHA1 hash:
ed2d31b2b3bd622d3c3b65d4117007145a28d81d
Detections:
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
INDICATOR_EXE_Packed_DotNetReactor
Create hunting rule
Link:
https://www.unpac.me/results/516ba1d3-da40-46b3-ae51-f48a948e856a/
Parent samples :
1439e036d8b04775d5462e7dbbb6e0b90e7668545f7ca5dae2aac74e84b184aa
3fedec832e464055478f1f221aa42fe894b227f168c59bb5ba9e8f2eefdd53cb
238441c6a05dd55e6cee3b33c991a8d91302c9e687e4607f2b33ca74dc850ea5
9992e4177343a1227f6a60f77f6556f5df92b30ce35b5521ee4156bb4fabb844
95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29
3246fdc5c32e6b265880c004ebee3d7aa2d9bcb0c01874c03616e2b736f9e825
018f85786e3cbf158c1a9d44c0d82bdd8d86958e7f8eb9e8dc74e3293f42c068
de4146aee4fd1bf6fc685015022b9931ca6eead9d42d440df166e15d521742ae
SH256 hash:
95892f0bc179246961e3cf5eeac444143a4f9b455ab740746dad3ecc32c93e62
MD5 hash:
694c313b660123f393332c2f0f7072b5
SHA1 hash:
ee790ec841b7761679a05771d551a154c7f87a93
Detections:
win_404keylogger_g1
Create hunting rule
win_masslogger_w0
Create hunting rule
MAL_Envrial_Jan18_1
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_DotNetProcHook
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Link:
https://www.unpac.me/results/516ba1d3-da40-46b3-ae51-f48a948e856a/
Parent samples :
9a0d20eec0a1e89a656a76aee82bf0619d8b83a0b445e095de190436dd110f42
256b9eb0b0ef69eeee00712c0e9fab59601934633f2bb6d0a0b10ac04bd5b2ab
75cc0d7abb4cb0145f0dc0639fbee4be7925dd45a38664e063095963c482ea78
68d311ac923f8a0854dbfa4d1401c84db61a2c530ec3fb6e1994a690fdfdd38d
5d67d216226094ebbc78b8c39e49b758e0b1624f904e2b6748bcfb39df8d6ed3
ceaa3016ce3897c17e580b58f2a41cc247de57bada3271b30aa389bcf3787ea0
553d904e1d73497fc05af9b9fa570cd6ea72043a445b2c358ce27bc84d28d226
f67799cd9ce6b4691134db9c85bab1ed79cb17d6b9b805916f118251b0d0f1e8
14b61a0155007f6e19dd356eb215652c7eb5dba764e5f059f3e37cbd273c3daa
55b98e06e135730fa23bd4af65b161ba5055a9e915164eb99b9402ad07e6e6df
141fcfa2abaae31d65da4145a537bfe13dd01ec9759d3bc1f6dd8d5ba5c1ff26
ba19434fbc08324b9a2e9ef01c34ce3818a3480f1efa03b864a38931d6d64642
364e64c2f1efc897342a41c5389f83d86cbc6b56e39abcd2a5e48e1a67fa1fae
3a0655a9973e8d7600f228240e1c3494b0acc55f46f218f42c12138d8ab73014
24d6cbd8f4eb920651f82adb1288cd4d5227f6bcd8fe71341ebdeb434bbfae01
dbd4edd258813db2cac4abddb2a4230b62874591c09daa6ffbcd5c9022ebd042
1439e036d8b04775d5462e7dbbb6e0b90e7668545f7ca5dae2aac74e84b184aa
95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29
Malware family:
SnakeKeylogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/95a769c7e3b0/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/56419/

Comments