MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71ecd4d42b141e998240693218289e504fce32379d6ae8c6008420d8ee4fb60c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 71ecd4d42b141e998240693218289e504fce32379d6ae8c6008420d8ee4fb60c
SHA3-384 hash: 8fbaab0fc70bb3806f13639e1da0ba0d90a20f96380aebef37b70bfe52dd9dfdb5c5b4050e0640d63de21e82f0cf32be
SHA1 hash: e7de350871ee0a46825a709738c2686a94364300
MD5 hash: 0946f7172c6ac0bacd4d4d73a46dea24
humanhash: charlie-island-high-island
File name: Airox Nigen Inquiry 3004657.rar
Signature: MassLogger
File size: 263'648 bytes
First seen: 2020-08-05 11:52:35 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:78V51aUB5mNBGdUus3x+sOXQVueMsS7fm+b:wVLaUGNBGM/jBSq+b
TLSH: 5644230F8CF98696594DC6B0C911FF4E876F50AB1A9091E71CD08137B2B690F5CBAAF1
Reporter: abuse_ch
Tags: MassLogger rar


abuse_ch
Malspam distributing unidentified malware:

HELO: airroxnigen.com
Sending IP: 185.222.57.136
From: purchase@airroxnigen.com
Subject: RE: Airox Nigen Inquiry
Attachment: Airox Nigen Inquiry 3004657.rar (contains "Airox Nigen Inquiry 3004657.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-08-05 11:54:08 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 71ecd4d42b141e998240693218289e504fce32379d6ae8c6008420d8ee4fb60c (this sample)

Delivery method: Distributed via e-mail attachment
