MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc976126805d59f17a49219bf29d4de6707a8972ef94e04f1f9d0e26746854e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 5



SHA256 hash: cc976126805d59f17a49219bf29d4de6707a8972ef94e04f1f9d0e26746854e7
SHA3-384 hash: bbb451ff38151b284e1e394914f3a231161eebf28aaab93126c8212cc49ebdfe403efeff7691306450ab510642775f3e
SHA1 hash: 5ae31de995c9057cd455840a0af9c5fadde86063
MD5 hash: c94c6c92d872dcccb6b7674ae5edfa4f
humanhash: jersey-fourteen-charlie-angel
File name: IDBI BANK JUNE 2020 Statement.exe
Signature: MassLogger
File size: 2'205'696 bytes
First seen: 2020-06-08 08:39:59 UTC
Last seen: 2020-06-08 10:22:18 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 24576:Vt6Nrn3d9F1iPMTVTG+hMJeWbOU6gkgc5BDb5bvOPjj61yPCtJ7O:qj9FmCTGFJeWbTXkZJJvOP3qoWJ7
Threatray: 795 similar samples on MalwareBazaar
TLSH: 5FA5AE26B896580CC82D467540BDA9C7B63BAB463E428B1F7A9FA30C5F0375F7B1502D
Reporter: abuse_ch
Tags: exe MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: cloudhost-67388.au-south-1.nxcli.net
Sending IP: 103.224.90.42
From: IDBI Bank <neft@idbi.com>
Subject: IDBI BANK JUNE 2020 Account Statement
Attachment: IDBI BANK JUNE 2020 Statement.CAB (contains "IDBI BANK JUNE 2020 Statement.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-08 07:37:00 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: masslogger
Score: 10/10
Tags: family:masslogger agilenet ransomware spyware stealer
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Reads user/profile data of web browsers
Executes dropped EXE
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe cc976126805d59f17a49219bf29d4de6707a8972ef94e04f1f9d0e26746854e7 (this sample)

Delivery method: Distributed via e-mail attachment
