MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdfb4f30c9fb3a9ff5858926086443518095fced463371da099b9ad977d53c83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 14


Intelligence 14 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bdfb4f30c9fb3a9ff5858926086443518095fced463371da099b9ad977d53c83
SHA3-384 hash: 7f9fc9d5c2b67bdb1fa8488fcd72697d53c3a15dbd03e5f5223593a9f4a0488bc45605581645412a630c2924ecf67df2
SHA1 hash: 3105b1fc0b609b264fe5187ab3d0379825288e77
MD5 hash: e11d8f594c6125a80c2b62d39d568497
humanhash: pennsylvania-october-ten-social
File name:bdfb4f30c9fb3a9ff5858926086443518095fced463371da099b9ad977d53c83
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'010'688 bytes
First seen:2025-03-07 14:11:24 UTC
Last seen:2025-03-07 14:49:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'662 x AgentTesla, 19'477 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:PbsrqRJMIKJ5i0VnMQsy2N05f1SrV3m0SY8iMo6bt:PbM0GIKJ5kmKh8iMJ
Threatray 847 similar samples on MalwareBazaar
TLSH T1DC25DFE1F793E302DF1B5438403EAD7263151DE4A080B1EB1AD63F5736D5B22690AB7A
TrID 56.5% (.EXE) Win64 Executable (generic) (10522/11/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
dhash icon 78b97864b0b97852 (5 x SnakeKeylogger, 4 x AgentTesla, 4 x Formbook)
Reporter adrian__luca
Tags:exe MassLogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
177
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
bdfb4f30c9fb3a9ff5858926086443518095fced463371da099b9ad977d53c83
Verdict:
No threats detected
Analysis date:
2025-03-07 12:34:34 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6ba1ad10-e195-4b8f-89e7-333a6ccb3b4e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67cb010fc8d04e92a4bfbded
Tags:
virus
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Unauthorized injection to a recently created process
Restart of the analyzed sample
Searching for synchronization primitives
Creating a file
Launching the default Windows debugger (dwwin.exe)
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated obfuscated packed packed packer_detected
Link:
https://www.filescan.io/uploads/67cafebd4a3011c802ca5a1b/reports/65d01c4e-585f-46ba-8052-d362ede0bd1b/overview
Verdict:
Malicious
Labled as:
Jalapeno.Generic
Link:
https://www.hybrid-analysis.com/sample/bdfb4f30c9fb3a9ff5858926086443518095fced463371da099b9ad977d53c83
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/acd06f2f-4ce1-4b82-8ccd-44f20e61eb8d
Result
Threat name:
MSIL Logger, MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1631801
Signature
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Yara detected MassLogger RAT
Yara detected MSIL Logger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/bdfb4f30c9fb3a9ff5858926086443518095fced463371da099b9ad977d53c83
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bdfb4f30c9fb3a9ff5858926086443518095fced463371da099b9ad977d53c83/
Threat name:
ByteCode-MSIL.Trojan.Jalapeno
Create hunting rule
Status:
Malicious
First seen:
2025-03-06 22:50:42 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
35
AV detection:
23 of 38 (60.53%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xx5u6mgj7m5j75mfretaqzcdkgajl7hniyzxdwqjtonns56vhsbq._file
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
Similar samples:
6328f5ad5d16dbe08046450470e8ca083f07a10aa97401b0425a59d224492b13
MassLogger
6b5a7dcaa537f98a500960b08ce7c1cf699b48148741a33d3f17bfdf3de6387c
MassLogger
95f81f46743d13897f53745199364a9bb763618f5965395c4addfcb67a836e5e
MassLogger
a5d900e943c21fff298ec48df51f2085b7769375e42d58bc2845d805d43fe24f
MassLogger
a87e9736d9566c024b1c9c63d8e742fa4c91cebd0a7de06c065d4412cfbed83d
MassLogger
bdfb4f30c9fb3a9ff5858926086443518095fced463371da099b9ad977d53c83
MassLogger
error
MassLogger
+ 837 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/250307-rhs6ss1wdz/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/b1c13c55-ca21-4b8d-b6f6-0de5c80b10b5
Unpacked files
SH256 hash:
bdfb4f30c9fb3a9ff5858926086443518095fced463371da099b9ad977d53c83
MD5 hash:
e11d8f594c6125a80c2b62d39d568497
SHA1 hash:
3105b1fc0b609b264fe5187ab3d0379825288e77
Link:
https://www.unpac.me/results/78b52902-2579-4ba1-8ae5-d119189fb14f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.50
Link:
https://yomi.yoroi.company/submissions/bdfb4f30c9fb3a9ff5858926086443518095fced463371da099b9ad977d53c83

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments