MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96f0384cc3243e0bf37abb7504f11b1bdecabed45a961cef490dd91e4040c19f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 15



SHA256 hash: 96f0384cc3243e0bf37abb7504f11b1bdecabed45a961cef490dd91e4040c19f
SHA3-384 hash: 63c88b1590e7b44294811c031632801020903cc98b05bdd2aa86dde35eba341d43c37dde82f0b7f716a8cbc96af3ea6c
SHA1 hash: 8fb181068d6403d69f538e25a87cbcb0bd2d49cf
MD5 hash: 8ab2c0c1963b08963ae6a9fea8ad4607
humanhash: saturn-potato-failed-texas
File name: SecuriteInfo.com.Win32.MalwareX-gen.14849.10684
Signature MassLogger
File size: 576'000 bytes
First seen: 2025-04-22 02:26:11 UTC
Last seen: 2025-05-09 13:34:26 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'648 x AgentTesla, 19'452 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 12288:pcjzKHospa6CngV+2ZLuFoApfuHWolON4ZEnG:g+HFpH1V+2+pW2fNW
Threatray 3'868 similar samples on MalwareBazaar
TLSH T193C4BEE13E367319DE614635D66DDDB682E609A8B040BEF659DC7B8736CC250AE0CF02
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
dhash icon b2b2301eb230b2b2 (11 x Formbook, 10 x MassLogger, 4 x AgentTesla)
Reporter SecuriteInfoCom
Tags: exe MassLogger

Intelligence


File Origin
# of uploads :
3
# of downloads :
479
Origin country :
FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win32.MalwareX-gen.14849.10684
Verdict:
Malicious activity
Analysis date:
2025-04-22 02:28:55 UTC
Tags:
stealer snake keylogger evasion ims-api generic

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
96.5%
Tags:
virus micro msil
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
entropy obfuscated packed packed packer_detected vbnet
Result
Threat name:
MSIL Logger, MassLogger RAT
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AntiVM3
Yara detected MassLogger RAT
Yara detected MSIL Logger
Yara detected Telegram RAT
Behaviour
Threat name:
Win32.Trojan.MassLogger
Status:
Malicious
First seen:
2025-04-22 00:41:48 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
25 of 38 (65.79%)
Threat level:
  5/5
Result
Malware family:
masslogger
Score:
  10/10
Tags:
family:masslogger collection discovery spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
MassLogger
Masslogger family
Malware Config
C2 Extraction:
https://api.telegram.org/bot7708941755:AAESo20CaDDAOjLLtHQBUxBHzsPN6t2HmCk/sendMessage?chat_id=8161167655
Verdict:
Suspicious
Tags:
404keylogger
YARA:
n/a
Unpacked files
SHA256 hash:
96f0384cc3243e0bf37abb7504f11b1bdecabed45a961cef490dd91e4040c19f
MD5 hash:
8ab2c0c1963b08963ae6a9fea8ad4607
SHA1 hash:
8fb181068d6403d69f538e25a87cbcb0bd2d49cf
SHA256 hash:
ae1287831e6c4c0feb35d4b3eb5b30bf9947a6b73bc15b97a44c35cff791ea9d
MD5 hash:
5cad655e43ea114549f30da2821aeb61
SHA1 hash:
2edca57d756c61e40e8bc755de282d8783daca22
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Parent samples :
SHA256 hash:
a6a8b978b7be62f9016b0ed60a98eebde9fe24f90398b67b66309bb3b49e7645
MD5 hash:
29820a8774796c84cbe45c1f241afaff
SHA1 hash:
48ab29f3194763517a81d884800ae3acda9b9495
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24 SUSP_OBF_NET_Reactor_Indicators_Jan24
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: crime_snake_keylogger
Author: Rony (r0ny_123)
Description: Detects Snake keylogger payload
Rule name: INDICATOR_SUSPICIOUS_Binary_References_Browsers
Author: ditekSHen
Description: Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name: INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Author: ditekSHen
Description: Detects executables using Telegram Chat Bot
Rule name: MAL_Envrial_Jan18_1
Author: Florian Roth (Nextron Systems)
Description: Detects Encrial credential stealer malware
Reference: https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name: MAL_Envrial_Jan18_1_RID2D8C
Author: Florian Roth
Description: Detects Encrial credential stealer malware
Reference: https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name: masslogger_gcch
Author: govcert_ch
Rule name: NET
Author: malware-lu
Rule name: NETexecutableMicrosoft
Author: malware-lu
Rule name: pe_imphash
Rule name: RANSOMWARE
Author: ToroGuitar
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash
Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)
Rule name: telegram_bot_api
Author: rectifyq
Description: Detects file containing Telegram Bot API
Rule name: Windows_Trojan_SnakeKeylogger_af3faa65
Author: Elastic Security
Rule name: win_masslogger_w0
Author: govcert_ch

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
