MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9637aff986e8795e82308aa077349b80989b6b0ca89973e209d3dee98da1e464. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9637aff986e8795e82308aa077349b80989b6b0ca89973e209d3dee98da1e464
SHA3-384 hash: 14762e87490f74afc154fb3dc832431317aae9fb7d69fbff21c9f7a4da850486ff583d244e907a7f245047f1184db552
SHA1 hash: f1d2cf782bdae1b40251da52d110fddba3e76900
MD5 hash: 71c5ee69480e408aa33f86f1a107393e
humanhash: sad-saturn-shade-failed
File name:ÜRÜN KATALOĞU TALEBİ.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:622'592 bytes
First seen:2020-10-08 17:41:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 89dae6e0c59855ebaa4073e6171715a2 (1 x Matiex, 1 x MassLogger)
ssdeep 12288:zC47U/3rlRwYrqBlWpqCnXVpUhgZl0XwMUeyvKDFLBKJ0d:zx7U/3pRRrqBjg370gMUZSgq
Threatray 1 similar samples on MalwareBazaar
TLSH 1BD4F2C4B705C12AE41E25BAFE97EBAB4118343D66983107B3C02B4B77667FAC521763
Reporter abuse_ch
Tags:exe geo MassLogger TUR


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ssl.delta3.beget.com
Sending IP: 5.101.153.91
From: SCHENKER ARKAS Nakliyat ve Tic. A.Ş. <support@businss.ru>
Subject: ÜRÜN KATALOĞU TALEBİ
Attachment: ÜRÜN KATALOĞU TALEBİ.rat (contains "ÜRÜN KATALOĞU TALEBİ.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/69318/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
DNS request
Sending an HTTP GET request
Using the Windows Management Instrumentation requests
Creating a window
Reading critical registry keys
Setting a global event handler for the keyboard
Unauthorized injection to a system process
Result
Threat name:
MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/485858
Signature
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected MassLogger RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9637aff986e8795e82308aa077349b80989b6b0ca89973e209d3dee98da1e464/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-08 07:57:00 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sy3276mg5b4v5arqrkqhone3qcmjw2ymvcmxhyqj2ppotdnb4rsa._file
Verdict:
unknown
Similar samples:
f532c606947a2abffb614405ed58ec56bbba9b54f71b1bb00c824e46442d90a7
MassLogger
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
spyware stealer family:masslogger
Link:
https://tria.ge/reports/201008-cw8azjq9xe/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
MassLogger
MassLogger Main Payload
Unpacked files
SH256 hash:
9637aff986e8795e82308aa077349b80989b6b0ca89973e209d3dee98da1e464
MD5 hash:
71c5ee69480e408aa33f86f1a107393e
SHA1 hash:
f1d2cf782bdae1b40251da52d110fddba3e76900
Link:
https://www.unpac.me/results/8fad4780-afdd-4839-9f4b-bf1287ced7c5/
SH256 hash:
af60d98a67584318db664858a475c26a279868ab053a445d69fbf89e1389d486
MD5 hash:
80bc9d9d32832d79ba6449020e82f28b
SHA1 hash:
f907db0adcbbaddebda4349cbff92935bbc79929
Detections:
win_masslogger_w0
Create hunting rule
Link:
https://www.unpac.me/results/8fad4780-afdd-4839-9f4b-bf1287ced7c5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Zbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9637aff986e8795e82308aa077349b80989b6b0ca89973e209d3dee98da1e464

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 5d9bebb8daa7a6187c8944c8111fab3af0dcb1f4028aa0f41d11296489f0ba7c

MassLogger

Executable exe 9637aff986e8795e82308aa077349b80989b6b0ca89973e209d3dee98da1e464

(this sample)

  
Dropped by
MD5 1c37685c32f30664ec70a96b0c5e7587
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/69318/
  
Dropped by
SHA256 5d9bebb8daa7a6187c8944c8111fab3af0dcb1f4028aa0f41d11296489f0ba7c

Comments