MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4c25b70ae9ea0c7f4a7f028011167b7154ded11a0b8e90b1c7570ba9af1f2f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4c25b70ae9ea0c7f4a7f028011167b7154ded11a0b8e90b1c7570ba9af1f2f2
SHA3-384 hash: d62b4cd1d4fce830a7bdbbd367df18fa8a4ef41b94c7740e116353570cb043035f27c16d0fc61ddd0f19aab3487f3634
SHA1 hash: a85b66835bff96f8859743d9697c10eafd9ffb3f
MD5 hash: 84edf37fd0a467c34942b445017d2e9b
humanhash: florida-football-hot-six
File name:ORDER09775563.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:2'383'960 bytes
First seen:2020-10-15 13:06:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'643 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 12288:Ij0z/5+I+LpN93BZHgFz88V2JxrCGc1P3JS:tZM
Threatray 143 similar samples on MalwareBazaar
TLSH E1B54F3DADD42637D6BAD6B6C9F659CBF91179433112AC0E50DB03820A13B6B7EC241E
Reporter abuse_ch
Tags:exe MassLogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
DNS request
Sending an HTTP GET request
Using the Windows Management Instrumentation requests
Creating a window
Reading critical registry keys
Setting a global event handler for the keyboard
Enabling autorun by creating a file
Result
Threat name:
MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/492527
Signature
.NET source code contains very large strings
Adds a directory exclusion to Windows Defender
Creates an undocumented autostart registry key
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Costura Assembly Loader
Yara detected MassLogger RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4c25b70ae9ea0c7f4a7f028011167b7154ded11a0b8e90b1c7570ba9af1f2f2/
Threat name:
ByteCode-MSIL.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 12:00:33 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6tbfw4fot2qmp5fh6auacelhw4ku33iruc4oscy4ovylvgxr6lza._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0290b4bba5483f6c9865c8b2a1df7e0756a6d5ade4a2dc5ced0a380a9988d35c
MassLogger
123765ca93c6c71f123934f0a1ea08487449d2bfab58f47f9c0a2d4cc645021b
MassLogger
2149d167c87cf15f48aa1852adcf96c9a62287a26496ff33892ecc67500d3be2
MassLogger
55bca504c5ff798d6c5d4431eff4dda8df6ebfca0db4d86b0f1bf770ff550a0f
MassLogger
6ea011e6a1836355936582525e455b151057c89b7f1780ab52c6f5c4cb19ddad
MassLogger
8f9f89be357d1d17b6281bf9f6caebfa97fdbfcb6aec50e4aa147d0e24e909e7
MassLogger
9b915d2e5f70b859d8c2eafc94bd593d3e53255444a5b4b651dfb9c2523d83d7
MassLogger
b8ad7398bf812d51b21f9ec51b8ffba7d3830dac0a949f09acea087066f4368b
MassLogger
c2c89da1518a4950cedec3129aa86fce21ccec502586e44a7f3b3757b44a1e1c
MassLogger
eed41a2c1215d2ca0ef2022172504a565b7a968e6263e173fceb6f1b1747d795
MassLogger
+ 133 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
stealer spyware family:masslogger
Link:
https://tria.ge/reports/201015-rz757xrjh6/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Checks computer location settings
Reads user/profile data of web browsers
MassLogger
MassLogger Main Payload
Unpacked files
SH256 hash:
f4c25b70ae9ea0c7f4a7f028011167b7154ded11a0b8e90b1c7570ba9af1f2f2
MD5 hash:
84edf37fd0a467c34942b445017d2e9b
SHA1 hash:
a85b66835bff96f8859743d9697c10eafd9ffb3f
Link:
https://www.unpac.me/results/537adb42-fcfb-40cd-8399-9bf9dc097e80/
SH256 hash:
968127ae11422b68a1d834e1eedbadc7534891052b01f19900b5c0e2e260523f
MD5 hash:
7869cfa9f594081be3d605f57db85323
SHA1 hash:
95312f12abeccbc14ca87b891ddcc4c8d27fdcb6
Detections:
win_masslogger_w0
Create hunting rule
Link:
https://www.unpac.me/results/537adb42-fcfb-40cd-8399-9bf9dc097e80/
SH256 hash:
732f4dffa99a035ca9066b3328b508c63ae2ab78c6975ceb221f6a0e1159b64d
MD5 hash:
431d7d382ed81709097de3f2bb537a0c
SHA1 hash:
e1ae232e04ed203261a66bee63ba7ed5f49a1110
Link:
https://www.unpac.me/results/537adb42-fcfb-40cd-8399-9bf9dc097e80/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f4c25b70ae9ea0c7f4a7f028011167b7154ded11a0b8e90b1c7570ba9af1f2f2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe f4c25b70ae9ea0c7f4a7f028011167b7154ded11a0b8e90b1c7570ba9af1f2f2

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/71415/

Comments