MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d42e838fc8e2a07efdeb9ee11c8078d86ce797de599c633251927f6a24d7dea5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 7


SHA256 hash: d42e838fc8e2a07efdeb9ee11c8078d86ce797de599c633251927f6a24d7dea5
SHA3-384 hash: aa54826410cc4bc30a958bfd5aa615faa461d13fc8f34a087d9ac7cf6916e75b987ef058ac46ce8d7c7b487f3c3ced23
SHA1 hash: af5f73299242b5509c94a6c3daf3e8eed75dd2fe
MD5 hash: f0e7185846d5e2918816fd651e9f178b
humanhash: alanine-golf-green-hot
File name: FV00620224400 009384766589 6645.exe
Signature: MassLogger
File size: 16'896 bytes
First seen: 2020-08-13 11:08:30 UTC
Last seen: 2020-08-13 12:24:47 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'743 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 384:1HFC1ehNsVKAna6NvRAI0pJbD27jyHptYcF0Kc03K:5hL0aYAI0pJbD27jyJtYcF0Kc6K
Threatray: 520 similar samples on MalwareBazaar
TLSH: 1B72823D2AA4F133C535C6B30993A251FA348907B4836F2930CDD61BBF5A99477C3A69
Reporter: abuse_ch
Tags: DHL exe MassLogger


abuse_ch
Malspam distributing unidentified malware:

From: "DHL Customer Support" <luis_manzano_dhl@gmail.com>
Subject: DHL Failed Shipment Notification:6174333620
Attachment: FV00620224400 009384766589 6645.r00 (contains "FV00620224400 009384766589 6645.exe")

Intelligence

File Origin
# of uploads: 2
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Suspicious
Maliciousness:
Behaviour:
- Launching a process
- Creating a process with a hidden window
- Creating a file
- Using the Windows Management Instrumentation requests
- DNS request
- Sending an HTTP GET request
- Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 48 / 100
Signature:
- Bypasses PowerShell execution policy
- Machine Learning detection for sample
Behaviour:

Result
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-08-13 11:10:08 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5

Result
Malware family: masslogger
Score: 10/10
Tags: ransomware spyware stealer family:masslogger
Behaviour:
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
- Looks up external IP address via web service
- Reads user/profile data of web browsers
- Blacklisted process makes network request
- MassLogger log file
- MassLogger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
MassLogger
Executable exe d42e838fc8e2a07efdeb9ee11c8078d86ce797de599c633251927f6a24d7dea5 (this sample)
Delivery method: Distributed via e-mail attachment