MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e1cd9e8f679705e731dc149fa74f1e9730337cc848095fc0dd9edb52a52441a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 5e1cd9e8f679705e731dc149fa74f1e9730337cc848095fc0dd9edb52a52441a
SHA3-384 hash: bd8fa49e1a6bac4fc866c71fe66333490935fbcda64ac248a3fa2e9b858a2a324e73d656357b29d0d4b035f324218c2e
SHA1 hash: eae38c17a93911eb11568181ab5bd1701e9e2be0
MD5 hash: 4dd215c65e618acde24952e800907184
humanhash: spring-kentucky-undress-oxygen
File name: Ziraat Bankasi Swift Mesaji.r00
Signature: MassLogger
File size: 621'252 bytes
First seen: 2020-08-05 11:35:52 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep 12288:gRG/4xFg/AewFwhVeccZ0eguHv75NPTL0zyNwPjMc9Q4CdAo+sk9O0:yxFgoxYVOP75x0zywMOu/k9O0
TLSH FAD423BBABD4888373F8F220A378AB55C5E7E738E44810CF75D8279FA3907C94195961
Reporter: abuse_ch
Tags: geo MassLogger r00 TUR ZiraatBank


abuse_ch
Malspam distributing unidentified malware:

HELO: ileti.ziraatbank.com.tr
Sending IP: 45.138.172.58
From: ZIRAAT BANKASI <ziraatbank@ileti.ziraatbank.com.tr>
Reply-To: ZIRAAT BANKASI <ziraatbank@ileti.ziraatbank.com.tr>
Subject: 11000, USD Swift Bildirimi
Attachment: Ziraat Bankasi Swift Mesaji.r00 (contains "Ziraat Bankasi Swift Mesaji.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-08-05 11:37:11 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r00 5e1cd9e8f679705e731dc149fa74f1e9730337cc848095fc0dd9edb52a52441a

(this sample)

Delivery method: Distributed via e-mail attachment
