MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abe23e12f4aa1f3e0b9ea3777ffaaf4fdcf9ccb21e7331b32d20bfa3a511f6c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: abe23e12f4aa1f3e0b9ea3777ffaaf4fdcf9ccb21e7331b32d20bfa3a511f6c7
SHA3-384 hash: a490631330395789d963ca48608707380e04d7a2074ac9347fc8b6599692227f367714d16c758005b57a2bf8e81344fd
SHA1 hash: a5b27394da0c8afffbc4dfa4a734db62917b9fae
MD5 hash: 504fd653e392b36a4f829f583d8e5f29
humanhash: bravo-ceiling-purple-mountain
File name: #gfe00620.exe
Signature: MassLogger
File size: 1'175'040 bytes
First seen: 2020-06-29 12:44:43 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:xJp4ZzH+q2hDKaGehE/l6oUYabsWf1GvwCI6L+9pqGS2/DUzuz7FQlVy1o0ByL:1CHoF366oqX9bCI/l/DUYQlVy16L
TLSH: 8C4528413EB0CC12D89A12B094147EEB1D3D7D43E4E5E16BBA623AA471725BFE5B8C0D
Reporter: @abuse_ch
Tags: exe MassLogger


Twitter report by @abuse_ch:

Malspam distributing MassLogger:

HELO: smtp-out33.welcomeitalia.it
Sending IP: 46.44.253.77
From: n.vasili@gfe.it
Subject: RE: #GFE 00620 ORDER.
Attachment: gfe00620.z (contains "#gfe00620.exe")

MassLogger SMTP exfil server:
mail.mytravelexplorer.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 32
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-29 12:42:29 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 5/5

Result
Malware family: masslogger
Score: 10/10
Tags: ransomware stealer spyware family:masslogger

Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
MassLogger
MassLogger log file

Yara Signatures

Rule name: masslogger_gcch
Author: govcert_ch

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam | MassLogger | Executable exe abe23e12f4aa1f3e0b9ea3777ffaaf4fdcf9ccb21e7331b32d20bfa3a511f6c7 (this sample)

Delivery method: Distributed via e-mail attachment

Comments