MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97e4b41e30337b05fa008fbb69cbd5f16af2e61067637d1fad45894cfe4c683f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97e4b41e30337b05fa008fbb69cbd5f16af2e61067637d1fad45894cfe4c683f
SHA3-384 hash: ed495e831cee6a9d3e1be881e6172a86eee5f84f8d581ba0058291976ff1bf24bb9b93f79107c84d7cfecc370dafcc46
SHA1 hash: be93e17a71c284813fb692b28519cf2af727ba37
MD5 hash: cf813727378fb5235cd88bec24f5cc56
humanhash: one-fix-arizona-six
File name:DATASHEET.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:901'120 bytes
First seen:2020-07-06 07:03:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 24576:ZjCHiKM0kLcOAJ1WKlQzMA6H8A6iZWbGV9bprxP3Le:ZjCZNkLcOAHWKEMAs625V7rd
Threatray 457 similar samples on MalwareBazaar
TLSH 551512330742FEC7E72D4FB4C18027401EAE956BB720DD897DC822DD51A66D4ABA5A33
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: smtp126.ord1d.emailsrvr.com
Sending IP: 184.106.54.126
From: Martin Václavek <sak@sak-loziska.cz>
Reply-To: me <testing@goodfreightthailand.com>
Subject: URGENT ORDER REQUEST
Attachment: PRODUCT LIST DATASHEET.zip (contains "DATASHEET.exe")

MassLogger SMTP exfil server:
mail.mkontakt.az:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Generic-EXE.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Using the Windows Management Instrumentation requests
Creating a file in the %temp% subdirectories
Reading Telegram data
Reading critical registry keys
Moving a file to the %temp% subdirectory
DNS request
Setting a global event handler for the keyboard
Sending a TCP request to an infection source
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/97e4b41e30337b05fa008fbb69cbd5f16af2e61067637d1fad45894cfe4c683f/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-06 07:05:07 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=s7slihrqgn5ql6qar65wts6v6fvpfzqqm5rx2h5niweuz7smna7q._file
Verdict:
malicious
Similar samples:
1d2ddd575ff18848e7c716c90df0f58a42e1803e8182c63d7edc9a5859ca37c3
MassLogger
29285c1e0f58e12ace807098090275535b37d6faf0379372b4ae41299cca5c3f
MassLogger
383c5be68c83202fd20ce29fe47dc6982229ae6bc87349c44216d875554c1d17
MassLogger
4f7ce008febd9fe224c7a7cec7d8abf8c0db3611fd14d8aca135041d21d2b45c
MassLogger
5f291378beb7c8264918b491efa4ebc66110423efbd45ee4e1258a16f9d2a401
MassLogger
7841ae2cf1dee8bff2027d589170a3c820833b94536f8fe14724bcf2b8c69f03
MassLogger
98f14edea3c84946787d020e97f6b161cae2ed419e458434413626b9893c6f62
MassLogger
cbaf28d8fb7addec023228bbdd6a5062e875070bc16452c15515792b78855000
MassLogger
d02c315a42a4a452a9e78011fbcce66f9f53bab788513d1b6f52e8fc70aa9f3c
MassLogger
ea1d4c5b29018a3134b0b0f1d6cb8055b39e94b5d44e3a6cb18d5cc6b0bfce4e
MassLogger
+ 447 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200706-h3aj2zf6f2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 94b9e50ce1bb9c5cb5852dbbb91a6ec15db0ae66491a218fccd22b1d334f62d4

MassLogger

Executable exe 97e4b41e30337b05fa008fbb69cbd5f16af2e61067637d1fad45894cfe4c683f

(this sample)

  
Dropped by
MD5 eeff7196e13296e5cbdc1459c82a771b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 94b9e50ce1bb9c5cb5852dbbb91a6ec15db0ae66491a218fccd22b1d334f62d4
Cape
Cape
https://www.capesandbox.com/analysis/21014/

Comments