MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d292e299d37f2d90e8fb3758b9c75f813c9ec310aa088b6c937a189f48ed048c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 11


Intelligence 11 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d292e299d37f2d90e8fb3758b9c75f813c9ec310aa088b6c937a189f48ed048c
SHA3-384 hash: ddf75d8d0e382246ef13614821994dfb8ad4918eb85784a86942445d7245b4c5995e550f1da543b767ae2148e5cc92d0
SHA1 hash: 5333520198a4c2d0275134cd1eb3796748364a18
MD5 hash: 8a932a3862de0daf9703f72f52f74dfe
humanhash: colorado-tennis-don-fifteen
File name:shim.vbs
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'423'812 bytes
First seen:2026-01-30 09:45:05 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 192:f6iBlej/rLZySUELXtoLQHwHn+jJtkAi1zJJt9bD0Q6fHHEoZGUUpY31WWfQnfUy:fWfX8vDzwJ3jPuei
Threatray 1'566 similar samples on MalwareBazaar
TLSH T1936513362E2FCFC46178B3B983921F5553DB1E8C2AA24E326DAD91811D72CF51B9C874
Magika txt
Reporter JAMESWT_WT
Tags:MassLogger MSI-STEGO26 vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/50819/
Detection(s):
SecuriteInfo.com.VBS.Agent-101.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69737de7f3cf908ba507b537
Tags:
obfuscate xtreme shell
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm base64 fingerprint obfuscated powershell
Link:
https://www.filescan.io/uploads/697c7dc92ffccda0976417ef/reports/85edb74f-8880-4728-bca5-d519620e2e31/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/d292e299d37f2d90e8fb3758b9c75f813c9ec310aa088b6c937a189f48ed048c
Verdict:
Malicious
File Type:
vbs
First seen:
2026-01-22T08:45:00Z UTC
Last seen:
2026-02-01T07:27:00Z UTC
Hits:
~1000
Link:
https://opentip.kaspersky.com/d292e299d37f2d90e8fb3758b9c75f813c9ec310aa088b6c937a189f48ed048c/results?tab=lookup
Score:
22%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/d292e299d37f2d90e8fb3758b9c75f813c9ec310aa088b6c937a189f48ed048c
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d292e299d37f2d90e8fb3758b9c75f813c9ec310aa088b6c937a189f48ed048c/
Verdict:
Malicious
Threat:
Trojan.Win32.Zapchast
Link:
https://tip.neiki.dev/file/d292e299d37f2d90e8fb3758b9c75f813c9ec310aa088b6c937a189f48ed048c
Threat name:
Win32.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2026-01-22 13:00:14 UTC
File Type:
Binary
AV detection:
10 of 38 (26.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2kjofgotp4wzb2h3g5mltr27qe6j5qyqvieiw3etpimj6shnasga._file
Verdict:
malicious
Label(s):
novastealer
Create hunting rule
Similar samples:
2d8bbcadfe1614de3baaf2a4cd63b1f7d566d5535571c2a59f4d48ca1539b92c
MassLogger
30d2391235b157a81c33a2a7716c3d07bd897b3d1cd663f24f9838ec3ac2eec3
MassLogger
3204af9817beaecaa95bb0b0d8b0e21232650503a4543009d6fb57a73afdc603
MassLogger
52e12c457102a51e41bd42ed8585673fa13c81d75aae5d7250f9b60d69f0f42d
MassLogger
65fdfb2fe35b497f7daf12505ca9ed686342b615b6d9b0b4b13af4ea390eb808
MassLogger
8d950928f9492e19a346689b43c077047d1ca80211714ab9adebd300f8bd1c11
MassLogger
cf518a1c6d447d1537802e21a32994e5fe3670e7521abe51bf20e96e3495bd22
MassLogger
e4ef9e3b63d39aa5f72cf8ee5d2f3cd3f7643d61ca6fff2169cb3e3eeb2d66b9
MassLogger
eb5c7c6370d533e6675ef2fb8b5f3f10cabc36584ddd3d3ad026af5266e84ed7
MassLogger
error
MassLogger
fe49bbc0cce0e57cdf3c9da9bcdedd0dc070f78cbc4a2b25d653cb2f67775466
MassLogger
+ 1'556 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger collection discovery execution spyware stealer
Link:
https://tria.ge/reports/260130-lrg71ags3c/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
MassLogger
Masslogger family
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.55
Link:
https://yomi.yoroi.company/submissions/d292e299d37f2d90e8fb3758b9c75f813c9ec310aa088b6c937a189f48ed048c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ClamAV_Emotet_String_Aggregate
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/50819/

Comments