MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5fd82f7f599b1ed477a6f66388cbe0f2beec9fc28e83d35105cd3222a85d5ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5fd82f7f599b1ed477a6f66388cbe0f2beec9fc28e83d35105cd3222a85d5ab
SHA3-384 hash: 266ef96a5219caef743b4aa34d3d2cb015b6d2fe5440dd64aa79fa32fc2fe9673d21ad11acaaf8b23c49d2d12e89ce83
SHA1 hash: 7e8ba7390d220e04a5a9c3a84d56601ee2cc3a58
MD5 hash: e51a3a4a1eba90ef1e6c685f9363cbca
humanhash: fourteen-delaware-east-juliet
File name:SecuriteInfo.com.Generic.mg.e51a3a4a1eba90ef.31792
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'255'936 bytes
First seen:2020-12-08 11:40:17 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 24576:S69K4wYAGPqxurasL73yigGccIOvzXt48B6/l9HPJced7X:D9K4wYAGPqxsyi5ccIOrd480Ld7
Threatray 391 similar samples on MalwareBazaar
TLSH 42459F2839FF9019F1B3EFE26FD8B597DDEEFB72150A605A20414307C612A81ED5253A
Reporter SecuriteInfoCom
Tags:MassLogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107240/
Detection(s):
SecuriteInfo.com.Generic.mg.e51a3a4a1eba90ef.31792.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/557857
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large strings
.NET source code references suspicious native API functions
Binary contains a suspicious time stamp
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f5fd82f7f599b1ed477a6f66388cbe0f2beec9fc28e83d35105cd3222a85d5ab/
Threat name:
ByteCode-MSIL.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-12-08 09:21:29 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
masslogger
Create hunting rule
Similar samples:
23bd17fba8c0cb660dada2c952431dc7e335bbdfb8e34078da941a29652526d5
MassLogger
3d37c3617a157667f9e536996ce1f4e790060b8b8449f905bf9c1f5bcd09b7a9
MassLogger
3ee82cb6b92599b06273f1a48091fdbab0ca285fb8147501a0392b8a2eba583c
MassLogger
4be1e912f4b6f65dd938f0a6fa1f1d9b8d4c20fc25ac3c3189e10013c29e4dea
MassLogger
755b3b6ab9cb1b088a11c9ff66eec6a20754a2d27fd2bb5478ef702aa977605a
MassLogger
878e1a1b65cc05eb728bf4ce85b7ad87576bbc9c8465d1348c71cef4e8c098f2
MassLogger
897a44a1a5332bc964180ce5e0ee498e40929b9bb6d624f364a5be844599d757
MassLogger
c686c7b2fff2ad2853c1d450d44fcf96ff3df67f34205b6b4e0352153893c924
MassLogger
dd9fd40438d1819fb9f9d72ddc6f5d06c1651aa6543ca6560819d27a764c68d2
MassLogger
f86974cc3a2a1d06dcc4effe66d6e27380dd4e4e4fe254a1b88a3ea3c7e681c4
MassLogger
+ 381 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201208-qm647tgw2n/
Unpacked files
SH256 hash:
f5fd82f7f599b1ed477a6f66388cbe0f2beec9fc28e83d35105cd3222a85d5ab
MD5 hash:
e51a3a4a1eba90ef1e6c685f9363cbca
SHA1 hash:
7e8ba7390d220e04a5a9c3a84d56601ee2cc3a58
Link:
https://www.unpac.me/results/219802d7-ed2a-48bc-ada8-516af19f66c4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f5fd82f7f599b1ed477a6f66388cbe0f2beec9fc28e83d35105cd3222a85d5ab

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

MassLogger

DLL dll f5fd82f7f599b1ed477a6f66388cbe0f2beec9fc28e83d35105cd3222a85d5ab

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/898531/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/107240/

Comments