MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb7ded03ebf91e2af0aefffa0f2476c31d26a3c7c009f3a42eaa1558ee02e26a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 13


Intelligence 13 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb7ded03ebf91e2af0aefffa0f2476c31d26a3c7c009f3a42eaa1558ee02e26a
SHA3-384 hash: 201daa35600689b52dd04257b4d4c2a11b5676eb1c30cc6febb09babf4542d466923b6613ed5fc0ad9548d305111e923
SHA1 hash: f215b784fad2f64323916814b34f6b21abe6f058
MD5 hash: 46773cdb7c7862066473e984ee35c0ed
humanhash: hot-sierra-september-pasta
File name:Justificante_transferencia_2025-10-28-08.56.02.58470 pdf .bat
Download: download sample
Signature MassLogger
Create hunting rule
File size:10'089 bytes
First seen:2025-10-30 12:17:25 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/plain
ssdeep 48:MLm2sMiPOVdoR7ESmBqoTCfNSe81f3u9C1ePnO6tDfZPEEBIBS0wYoq:ML7H1c7loy6uQ1wO6tDfZPEo8Toq
Threatray 1'841 similar samples on MalwareBazaar
TLSH T1E22235571E09B95C03A5C6678821ED1952EB8CB01FB2D39EAD314B76706A236FCDB01F
Magika txt
Reporter Anonymous
Tags:bat MassLogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
134
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Justificante_transferencia_2025-10-28-08.56.02.58470 pdf .bat
Verdict:
Malicious activity
Analysis date:
2025-10-30 12:18:51 UTC
Tags:
payload loader reverseloader evasion snake keylogger stealer susp-powershell
Link:
https://app.any.run/tasks/250fe871-a5b6-4fef-bd0f-2f69bb6b4042

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/34795/
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6903576d706befaf4eca5841
Tags:
obfuscate xtreme shell
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Сreating synchronization primitives
DNS request
Connection attempt
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Creating a window
Stealing user critical data
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 base64 evasive obfuscated obfuscated opendir overlay powershell
Link:
https://www.filescan.io/uploads/6903578ca3d16310952197d6/reports/7a2fd771-e2d1-4c47-ad65-f5a0c352f375/overview
Verdict:
Malicious
Labled as:
TrojanDownloader/BAT.Netloader
Link:
https://www.hybrid-analysis.com/sample/eb7ded03ebf91e2af0aefffa0f2476c31d26a3c7c009f3a42eaa1558ee02e26a
Verdict:
Malicious
File Type:
text
First seen:
2025-10-30T11:29:00Z UTC
Last seen:
2025-10-31T00:29:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.BAT.Generic
Link:
https://opentip.kaspersky.com/eb7ded03ebf91e2af0aefffa0f2476c31d26a3c7c009f3a42eaa1558ee02e26a/results?tab=lookup
Score:
17%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/eb7ded03ebf91e2af0aefffa0f2476c31d26a3c7c009f3a42eaa1558ee02e26a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eb7ded03ebf91e2af0aefffa0f2476c31d26a3c7c009f3a42eaa1558ee02e26a/
Verdict:
Malicious
Threat:
Family.SNAKE
Link:
https://tip.neiki.dev/file/eb7ded03ebf91e2af0aefffa0f2476c31d26a3c7c009f3a42eaa1558ee02e26a
Threat name:
Win32.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2025-10-28 09:22:21 UTC
File Type:
Text (Batch)
AV detection:
9 of 37 (24.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5n662a7l7epcv4fo775a6jdwymosni6hyae7hjbovikvr3qc4jva._file
Verdict:
malicious
Label(s):
novastealer
Create hunting rule
Similar samples:
009391083b79de327fc9b8b66f7ff3dac490adfb18c89727d6298090fc5a0e60
MassLogger
3c6a2a2899115e1071360a6f8a282e0e1c6dac8be6ba66b72b92fae857a08bfd
MassLogger
6370d7905a4128b8353f5cf24c895489be32fe53f5bac553364568abe07c31f4
MassLogger
864c37e89869ea3662f720df0acabf8cee0c861b5b908515f805746b432a7260
MassLogger
94dde278918e0eab10c0a5818653f73a779d19632fa3f6e603f146bcf709e732
MassLogger
b72ad9f5170c18afe5788fff799541fa6e034702ebde25f35279ea39e5385a67
MassLogger
eb4c64f160030cfee24f7fe0a49479bb538e746b2c73e9574f8fc80e36d3cae0
MassLogger
error
MassLogger
fd2a48d552d870aee951d4ab01b6a3ac73d2b6004e8a1a238de3a237599e0cb6
MassLogger
+ 1'831 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger collection discovery execution spyware stealer
Link:
https://tria.ge/reports/251030-pgrkgazqdz/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
MassLogger
Masslogger family
Malware Config
Dropper Extraction:
http://ia801507.us.archive.org/20/items/msi-pro-with-b-64_20251024/MSI_PRO_with_b64.png
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/eb7ded03ebf91e2af0aefffa0f2476c31d26a3c7c009f3a42eaa1558ee02e26a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Base64_Encoded_Powershell_Directives
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/34795/

Comments