MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd0770f10f7a7a2a09b68a03fc921cabf7434271ce8fe00fed9f6913ab55eada. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd0770f10f7a7a2a09b68a03fc921cabf7434271ce8fe00fed9f6913ab55eada
SHA3-384 hash: f307dfea66773372ec913d9db05cc757a20888b8b3178fdfac9301851efffc482a8672d76ad57537957301583f5f03f2
SHA1 hash: d3841f9220930921f4c16932e121de391846f9a3
MD5 hash: 81b8ea4b6164722c7a91511f8e3c0d93
humanhash: hot-violet-cold-single
File name:shipment GBC.scr
Download: download sample
Signature MassLogger
Create hunting rule
File size:739'840 bytes
First seen:2020-12-09 11:00:17 UTC
Last seen:2020-12-09 13:02:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 553802f9e2099976b11882b89029573d (3 x AgentTesla, 1 x MassLogger, 1 x Loki)
ssdeep 12288:qahxVyuYfl/45E4o4CTMGmqm21xeUt5a3x0e+QUD1ZP1B5xmuhAh5w:qNflQ5VRCTMWJxeUmhsDp/h6i
Threatray 624 similar samples on MalwareBazaar
TLSH DBF41251B5E58030E0A3537B0469E64246BEFDB64A729D9F5BD80C8C8FB50C1BB35BA3
Reporter abuse_ch
Tags:MassLogger scr

Intelligence

File Origin
# of uploads :
2
# of downloads :
144
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
shipment GBC.scr
Verdict:
Suspicious activity
Analysis date:
2020-12-09 11:36:36 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2298dd3b-abcd-4062-9f14-4f4dc5652bfc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107448/
Detection(s):
SecuriteInfo.com.Artemis81B8EA4B6164.9857.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a UDP request
Result
Gathering data
Result
Threat name:
MassLogger RAT
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/558916
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Detected unpacking (creates a PE file in dynamic memory)
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Costura Assembly Loader
Yara detected MassLogger RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd0770f10f7a7a2a09b68a03fc921cabf7434271ce8fe00fed9f6913ab55eada/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2020-12-09 11:01:06 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7udxb4ippj5cucnwrib7zeq4vp3ugqtrz2h6ad7nt5urhk2v5lna._file
Verdict:
malicious
Label(s):
masslogger
Create hunting rule
Similar samples:
1939e43aaee73754652e6ca17cb8c0837c84539118de145864901b2449e1edd1
MassLogger
22f447f5336db462a0342b3a78f21706c643dab9d7517b8d96c148833926262b
MassLogger
5be73e98e79472632484157eb2f58f914dee24521fc6cb5f26c02709664a0413
MassLogger
7c49ac4366eb07c5e5a146356908ba9e2e7e1bb2630422821f93530f0e2ec2ed
MassLogger
84afce79b516a2535b4f063e9dd9aef84aa6288bdc65c4fa5dbbba0bc06727ec
MassLogger
8646b260a697968a6ccab899c59ed9c2ec6f750d6540e03644946d1f7e122bfd
MassLogger
9190ecab05b8d87ff3eb39ccf5e723739c1740dfb1adb42670163770fa98144b
MassLogger
b095032316de2f43af0557c35dd58ab254928f24a3b8e7cf4cf5c4dbac73ac56
MassLogger
c04d9dda88a75f4ed924e20617847a4d7a8ff729754e8ad66f3557fb90ed5d25
MassLogger
f5a368e8e1fd840abbe075db0a30756ca6297af3c9d3a8f9e1998f57e1204cbd
MassLogger
+ 614 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201209-xag3j29dhs/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
fd0770f10f7a7a2a09b68a03fc921cabf7434271ce8fe00fed9f6913ab55eada
MD5 hash:
81b8ea4b6164722c7a91511f8e3c0d93
SHA1 hash:
d3841f9220930921f4c16932e121de391846f9a3
Link:
https://www.unpac.me/results/da5ed619-a2fc-4010-baa5-e8f1ea8accfc/
SH256 hash:
b070e00bd8c1d3bb7e3f9e2925900a808fdd03a512ba8db138343239b4d3754d
MD5 hash:
db749f119a3ebc4bf2ab402657112bd1
SHA1 hash:
20142adf0617b937fb5221f859ad3d9a3b3c8bf4
Detections:
win_masslogger_w0
Create hunting rule
Link:
https://www.unpac.me/results/da5ed619-a2fc-4010-baa5-e8f1ea8accfc/
SH256 hash:
aab03ff04046b766302bcb37a7e41e2cdcab5f391317e6213087ae254dc684f2
MD5 hash:
83eeec205baf8f83a414137d4c221a5a
SHA1 hash:
6fa6aaf1e06a1d9ebf00fbf98ccefb46e71610d9
Detections:
win_masslogger_w0
Create hunting rule
Link:
https://www.unpac.me/results/da5ed619-a2fc-4010-baa5-e8f1ea8accfc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fd0770f10f7a7a2a09b68a03fc921cabf7434271ce8fe00fed9f6913ab55eada

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe fd0770f10f7a7a2a09b68a03fc921cabf7434271ce8fe00fed9f6913ab55eada

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/107448/

Comments