MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ced40caee716f956a4db4d96f10daa8b80f6c30371f2490129b6cf212dcfd223. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	ced40caee716f956a4db4d96f10daa8b80f6c30371f2490129b6cf212dcfd223
SHA3-384 hash:	fe9143dd08777801c6d544f6cc46bbc2cc2d0b3c4d49596bd7019daf69178de30441237194460de58a5412a97b575abd
SHA1 hash:	dd6c14db8ea37c25d338de6f1a2a0fee0a6a1c3d
MD5 hash:	ff6680d713370bfafd4ceca29ffd9854
humanhash:	undress-lima-louisiana-illinois
File name:	Bper Banca_Copia del Pagamento.pdf.bat
Download:	download sample
Signature	MassLogger Create hunting rule
File size:	430'630 bytes
First seen:	2025-03-24 07:59:26 UTC
Last seen:	2025-09-24 11:50:27 UTC
File type:	bat
MIME type:	text/plain
ssdeep	12288:AJqmJRKjWu8uKE+vKx188sPBGKZAxvx8onJ:YqmJYjWu8ZvmOP0XfDJ
Threatray	742 similar samples on MalwareBazaar
TLSH	T17E94E1725DC4A9DB4A1EFF2AC167664E2293DDBE3C7021CD37632ED89B6F001A51B901
Magika	vba
Reporter	lowmal3
Tags:	bat BPERBanca MassLogger Spam-ITA Telegram

Intelligence

File Origin

# of uploads :

2

# of downloads :

89

Origin country :

DE

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

Avis de Paiement Electronique Entrant (BEA).eml

Verdict:

Suspicious activity

Analysis date:

2025-03-23 11:12:59 UTC

Tags:

arch-exec attachments attc-arch

Link:

https://app.any.run/tasks/0c2f4880-c35b-44fb-b27b-465381d2e40a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67e246f6bb84e066269ebb7c

Tags:

obfuscated xtreme shell

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

masquerade obfuscated powershell

Link:

https://www.filescan.io/uploads/67e1110da08e28b31d9ef04a/reports/661edc48-5376-430c-8d99-e7f2b85439b8/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/ced40caee716f956a4db4d96f10daa8b80f6c30371f2490129b6cf212dcfd223

Result

Verdict:

MALICIOUS

Result

Threat name:

MSIL Logger, MassLogger RAT

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1646802

Behaviour

Behavior Graph:

n/a

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/ced40caee716f956a4db4d96f10daa8b80f6c30371f2490129b6cf212dcfd223

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ced40caee716f956a4db4d96f10daa8b80f6c30371f2490129b6cf212dcfd223/

Threat name:

Win32.Trojan.Leonem

Status:

Malicious

First seen:

2025-03-21 13:32:45 UTC

File Type:

Text (Batch)

AV detection:

9 of 24 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=z3kazlxhc34vnjg3jwlpcdnkroapnqydohzesajjw3hsclop2irq._file

Verdict:

malicious

Label(s):

novastealer

donut_injector

Similar samples:

14f6cc465c16b2b06dca025ac97d6824d0793554b1599b68e401379b4f2cb12a

3cfe012c870ebeb15a1288b7cdb3b50016e2329c7fbd63ef18f189727269d49c

6357866d9a4110843c44f4a4986d50a0af5380f4e185373d062f123d73fe63d9

8c98088aa44045c4b7a4a7bebe5d98480fe5cad627b772554ebd0a324cafa37c

c2c192862a68990222cacb9279cacf63370b015a429d2c39d94cbe15cf987388

+ 732 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

collection discovery execution

Link:

https://tria.ge/reports/250324-jv2ppstwct/

Behaviour

Runs ping.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Accesses Microsoft Outlook profiles

Command and Scripting Interpreter: PowerShell

Looks up external IP address via web service

Malware family:

DonutLoader

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/ced40caee716/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ced40caee716f956a4db4d96f10daa8b80f6c30371f2490129b6cf212dcfd223

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

bat ced40caee716f956a4db4d96f10daa8b80f6c30371f2490129b6cf212dcfd223

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample