MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3f2d07e97cfe28deee3a65b8541c48f96f022b52db515b06c635f3b9fcc35ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	b3f2d07e97cfe28deee3a65b8541c48f96f022b52db515b06c635f3b9fcc35ef
SHA3-384 hash:	cd0a9de73cc49dc0a58aa26b800f411a2b41e769d0c93c581ac0d36de01807b5f517b88f7bc8ccaa63e3bdf60399d73b
SHA1 hash:	d3d30619eb623155e40572732ef9d0319242e5c0
MD5 hash:	9c5b860421d72247a177f8f8abc7a829
humanhash:	table-magazine-social-twelve
File name:	9c5b860421d72247a177f8f8abc7a829.exe
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	1'043'968 bytes
First seen:	2020-10-05 11:11:51 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	41cd3d95714b0df8060323fdc67b3eba (10 x AgentTesla, 6 x Loki, 1 x MassLogger)
ssdeep	24576:eHqhBFgBg6qbbRe96K3kJ33lPZXcJv2xUdoYgvFg:JLOxwN7Fg
Threatray	253 similar samples on MalwareBazaar
TLSH	BB25C022A2E15837F1671A399DDBE774DC25BE503E28A9473BE4DC4C4F3968138192B3
Reporter	abuse_ch
Tags:	exe MassLogger

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/68128/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Using the Windows Management Instrumentation requests

Launching a process

Creating a file

Deleting of the original file

Result

Threat name:

MassLogger RAT

Detection:

malicious

Classification:

troj.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/481256

Signature

Deletes itself after installation

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Maps a DLL or memory area into another process

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Costura Assembly Loader

Yara detected MassLogger RAT

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b3f2d07e97cfe28deee3a65b8541c48f96f022b52db515b06c635f3b9fcc35ef/

Threat name:

Win32.Hacktool.CeeInject

Status:

Malicious

First seen:

2020-10-05 11:13:08 UTC

AV detection:

27 of 29 (93.10%)

Threat level:

1/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=wpzna7uxz7ri33xduznykqoer6lpaivvfw2rlmdmmnptxh6mgxxq._file

Verdict:

malicious

Label(s):

masslogger

MassLogger

553ad8c805d4151e154177bb4fbb1678711306d8eefba081ec36bf0518d4e88f

MassLogger

7f65935cd55b5a0978bf0a70690462a08d83657a97ddbe6aba871a5496d5f9c5

MassLogger

9c4a2d8473718bdb1725450b6f0567098006b9aa89fbd913acab1bab0857143d

MassLogger

b515db56b7c63191b19befe748f7af7f00d08623029e8856c86fc46362fbed9f

MassLogger

d8cea078199dbdef51ec7189cf03541bbcbd10c49a133b187348e2a24fe1e2eb

MassLogger

e2df2b406150713616dbcbdbba76f1939e2605c3b30c6ae62e05832eb874e0e0

MassLogger

ed42640da83dda3bf2ed08c414bfd256a82c9a8ef1894a59e3c421b254c59d4d

MassLogger

f925d649aee4b92c974778fd87576229f44972c23df41df5aacdd9dc55fd2c45

MassLogger

fc8f5c635abe5534833683141ae57470c09a246eb290895ce748d1bede405c25

MassLogger

+ 243 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx spyware

Link:

https://tria.ge/reports/201005-8cw921657a/

Behaviour

Creates scheduled task(s)

Delays execution with timeout.exe

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Deletes itself

Executes dropped EXE

UPX packed file

Unpacked files

SH256 hash:

b3f2d07e97cfe28deee3a65b8541c48f96f022b52db515b06c635f3b9fcc35ef

MD5 hash:

9c5b860421d72247a177f8f8abc7a829

SHA1 hash:

d3d30619eb623155e40572732ef9d0319242e5c0

Link:

https://www.unpac.me/results/e09f586e-580f-4274-bb53-557441fa0b95/

SH256 hash:

62a3fd6a36f0affe00be94d5d0b88d4336c8fbe635bd30bbdd1a37bb67d599d2

MD5 hash:

2b4b825827f20d80fc8bda2095f06950

SHA1 hash:

8bb846d3640f043b94daea520b6848c95dea2fd5

Detections:

win_masslogger_w0

Link:

https://www.unpac.me/results/e09f586e-580f-4274-bb53-557441fa0b95/

Parent samples :

553ad8c805d4151e154177bb4fbb1678711306d8eefba081ec36bf0518d4e88f
b3f2d07e97cfe28deee3a65b8541c48f96f022b52db515b06c635f3b9fcc35ef

SH256 hash:

6e843ce5484b4f58d9e63730f3226d1d6c257164218e78f71b55c4d6d75b8246

MD5 hash:

fcef888d809a448752df547ef8caa619

SHA1 hash:

7e49bcf9811fdea23f2f1e04a4571e51e29380d6

Detections:

win_masslogger_w0

Link:

https://www.unpac.me/results/e09f586e-580f-4274-bb53-557441fa0b95/

Parent samples :

553ad8c805d4151e154177bb4fbb1678711306d8eefba081ec36bf0518d4e88f
b3f2d07e97cfe28deee3a65b8541c48f96f022b52db515b06c635f3b9fcc35ef

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b3f2d07e97cfe28deee3a65b8541c48f96f022b52db515b06c635f3b9fcc35ef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/68128/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample