MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc765dde157a6c7c2062c20b7f57bdb8fcb9baae079a362ff0a2b7e9420899f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bc765dde157a6c7c2062c20b7f57bdb8fcb9baae079a362ff0a2b7e9420899f2
SHA3-384 hash: 663fd426615c390913c36833ae076530579274d6480872eba41650c1b7a27297a5ae3aeb575c79bcb6055afcb5a972fa
SHA1 hash: 62d50c2149eed7f5718963221f71fbbffbafe793
MD5 hash: b8e8dc88f182cd5604a75140854b8039
humanhash: early-oranges-stream-crazy
File name:PRODUCT SAMPLE SPECIFICATION.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'130'496 bytes
First seen:2020-10-21 09:59:59 UTC
Last seen:2020-10-23 09:46:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'633 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:mmCDbFA1GUKzod+Wrk6LJTfWXpDywm+oYhxboggxzd9Q7kN:AVANKzoHl5fWXpR5oYcgazd95
Threatray 370 similar samples on MalwareBazaar
TLSH 1435DF9C329075AFC65BCD3299681C24EA207C6B531BC247902336AD9A7D6CBDF146F3
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: bistro.com.ph
Sending IP: 62.113.215.229
From: Eymen Mustafa<tgifhighst@bistro.com.ph>
Subject: Prime Product Concepts - Quotation Request
Attachment: PRODUCT SAMPLE SPECIFICATION.zip (contains "PRODUCT SAMPLE SPECIFICATION.exe")

Intelligence

File Origin
# of uploads :
3
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/73981/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Using the Windows Management Instrumentation requests
Creating a file
Result
Threat name:
MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/505656
Signature
Antivirus / Scanner detection for submitted sample
Binary contains a suspicious time stamp
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Yara detected MassLogger RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bc765dde157a6c7c2062c20b7f57bdb8fcb9baae079a362ff0a2b7e9420899f2/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-21 00:06:47 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xr3f3xqvpjwhyidcyifx6v55xd6ltovoa6ndml7quk36sqqithza._file
Verdict:
malicious
Label(s):
masslogger
Create hunting rule
Similar samples:
107b57fdf9c667731c973e5f254cdf985a2e7d5e6659f19aa2e9b1a0e613a7a2
MassLogger
2fea8f7c727460dfd943dce7f9bb051f188f37a0150a132039a1892f18749ff3
MassLogger
70caf501b061da2729d33d4b0c5e9b9c58bc554cdbdddef16f7e057ea346808c
MassLogger
7f65935cd55b5a0978bf0a70690462a08d83657a97ddbe6aba871a5496d5f9c5
MassLogger
9bf180bb7b3cc0fcc6d01b68e2aa82d2f853e081ec71e34942d875324a2415b4
MassLogger
a2b0e9c1ea03a3a538fe9ef7f8e6dbf4c08feba8560e238e29fce0dd2f2e144b
MassLogger
ca74ca06ac3bfd92aabfc85fc7e10ae5d9e2e6306ed488eb7bf0b06640890a9f
MassLogger
ed42640da83dda3bf2ed08c414bfd256a82c9a8ef1894a59e3c421b254c59d4d
MassLogger
f925d649aee4b92c974778fd87576229f44972c23df41df5aacdd9dc55fd2c45
MassLogger
fda0f21717df25d8af793a43e59842da0e60fe1993e4f3a903aa9e568da141b1
MassLogger
+ 360 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion
Link:
https://tria.ge/reports/201021-xw41sbgly6/
Behaviour
Maps connected drives based on registry
Checks BIOS information in registry
Looks for VMWare Tools registry key
Looks for VirtualBox Guest Additions in registry
Unpacked files
SH256 hash:
bc765dde157a6c7c2062c20b7f57bdb8fcb9baae079a362ff0a2b7e9420899f2
MD5 hash:
b8e8dc88f182cd5604a75140854b8039
SHA1 hash:
62d50c2149eed7f5718963221f71fbbffbafe793
Link:
https://www.unpac.me/results/2b92074c-30d0-4894-b67c-10efa8de4afe/
SH256 hash:
31ce938626ccfb399fe1696710caf46d7ae9eb598b9d7d2aad719b594658469b
MD5 hash:
0aebe46040ceb011e78506d4985fe3de
SHA1 hash:
218ac1e7b14a66c604ec3042f8486bed9cd4c2c1
Link:
https://www.unpac.me/results/2b92074c-30d0-4894-b67c-10efa8de4afe/
SH256 hash:
4394261971ef4885ebac4607549923da11f1815e5d1870eccb4586853f44dbef
MD5 hash:
a652a0325830a668102802a8a3851b85
SHA1 hash:
7fb0946499a33108fadbff2823bba20f3ba2df9b
Link:
https://www.unpac.me/results/2b92074c-30d0-4894-b67c-10efa8de4afe/
SH256 hash:
fe82d646c37d990e5ffacdc48911c272a5809c4a8249e7a32525c98987e9a416
MD5 hash:
8ca178f661baa2d8403b973b92cb278e
SHA1 hash:
ec1003ad7955745069e32ce219bc5dae6a551e88
Detections:
win_masslogger_w0
Create hunting rule
Link:
https://www.unpac.me/results/2b92074c-30d0-4894-b67c-10efa8de4afe/
Parent samples :
107b57fdf9c667731c973e5f254cdf985a2e7d5e6659f19aa2e9b1a0e613a7a2
bc765dde157a6c7c2062c20b7f57bdb8fcb9baae079a362ff0a2b7e9420899f2
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bc765dde157a6c7c2062c20b7f57bdb8fcb9baae079a362ff0a2b7e9420899f2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 222d47d2ab68ed17a32d8c1ba18472971a6395012549792730ce73f978fee682

MassLogger

Executable exe bc765dde157a6c7c2062c20b7f57bdb8fcb9baae079a362ff0a2b7e9420899f2

(this sample)

  
Dropped by
MD5 e28fc40c1314d71852c7f3afbcd1c130
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 222d47d2ab68ed17a32d8c1ba18472971a6395012549792730ce73f978fee682
Cape
Cape
https://www.capesandbox.com/analysis/73981/

Comments