MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4febd0c1ee10c5d8170a1bffff5dbfe3cdbab949985f0bfa86036dc5396ddfd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger
Vendor detections: 4

SHA256 hash: a4febd0c1ee10c5d8170a1bffff5dbfe3cdbab949985f0bfa86036dc5396ddfd
SHA3-384 hash: e652fa1e1d45345c7c3f4871b4a2dd010ee4fd42243c41f37f5ce3f99976c4ed158a638115309565b870ba0f4ce1ffab
SHA1 hash: 552d0be04ff5e1ae6a813877a5f752a87f2e9a9f
MD5 hash: 2e2349b98f35a2fdd6c80e3c9c15a239
humanhash: finch-saturn-minnesota-sink
File name: Ekstre.r00
Signature: MassLogger
File size: 457'713 bytes
First seen: 2020-07-30 08:37:21 UTC
Last seen: 2020-07-30 09:23:38 UTC
File type: r00
MIME type: application/x-rar
ssdeep: 12288:f2t+1Tm1aGwtuUZlg+i2JxsDZXiNRDVZSnJNkOBg:Rx6xw0UZl2RibD/rQg
TLSH: 6CA4237B29E53AE94CE826193CBA3697F50B405D9CEB5E6B015DC07A9307E2EB0125C8
Reporter: abuse_ch
Tags: geo MassLogger r00 TUR ZiraatBank


abuse_ch
Malspam distributing MassLogger:

HELO: ileti.ziraatbank.com.tr
Sending IP: 45.11.19.43
From: ZIRAAT BANKASI <ziraatbank@ileti.ziraatbank.com.tr>
Reply-To: ZIRAAT BANKASI <ziraatbank@ileti.ziraatbank.com.tr>
Subject: T.C. Ziraat Bankası Hesap Ekstresi
Attachment: Ekstre.r00 (contains "Ekstre.exe")

MassLogger SMTP exfil server:
mail.aydan.com.tr:587
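The reporter's comment above describes the delivery trick: an attachment named Ekstre.r00 (a RAR split-volume extension, which WinRAR opens like any other archive) that carries Ekstre.exe. The Python below is an added triage example, not code from MalwareBazaar or from abuse_ch. It checks the attachment by magic bytes rather than by file name, walks the RAR 4.x block chain to recover member names without decompressing anything, and flags executables inside the archive, an extension/magic mismatch, or encrypted headers that hide the listing. The RAR 4.x header layout follows the public format description; RAR 5.x archives are only identified, not parsed. Function names (identify, list_rar4_members, triage_attachment, build_rar4) and the constructed stand-in archive are this example's own assumptions, and the stand-in is not the real Ekstre.r00 sample.

```python
"""Attachment triage for RAR-style archives. Added example; not MalwareBazaar or abuse_ch code.

Three checks a mail gateway or IR script can run without extracting anything:
  1. the file really carries a RAR signature (the .r00 extension alone proves nothing),
  2. the RAR 4.x block chain is walked to recover member file names,
  3. members with executable extensions inside an archive attachment are flagged.
The archive used below is constructed inline and stands in for Ekstre.r00;
it is not the real sample.
"""
import re
import struct

RAR4_SIG = b"Rar!\x1a\x07\x00"        # RAR 1.5 - 4.x marker block
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"    # RAR 5.x (different block format, only identified here)
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk")
RAR_NAME_RE = re.compile(r"\.(rar|r\d\d|\d\d\d)$", re.IGNORECASE)  # .rar, .r00 .. .r99, .001


def identify(data: bytes) -> str:
    """Classify by magic bytes, not by file name."""
    if data.startswith(RAR5_SIG):
        return "rar5"
    if data.startswith(RAR4_SIG):
        return "rar4"
    return "unknown"


def list_rar4_members(data: bytes) -> list[str]:
    """Walk RAR 4.x block headers and return stored file names (no decompression).

    Block header: HEAD_CRC(2) HEAD_TYPE(1) HEAD_FLAGS(2) HEAD_SIZE(2).
    File header (type 0x74) continues: PACK_SIZE(4) UNP_SIZE(4) HOST_OS(1) FILE_CRC(4)
    FTIME(4) UNP_VER(1) METHOD(1) NAME_SIZE(2) ATTR(4) [HIGH sizes(8)] FILE_NAME.
    Header CRCs are not verified; a tampered archive is still listed.
    """
    if not data.startswith(RAR4_SIG):
        raise ValueError("not a RAR 4.x archive")
    names: list[str] = []
    pos = len(RAR4_SIG)  # the marker block is exactly the 7-byte signature
    while pos + 7 <= len(data):
        _crc, btype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7:
            raise ValueError("corrupt block header at offset %d" % pos)
        if btype == 0x73 and flags & 0x0080:  # MHD_PASSWORD: headers themselves are encrypted
            raise ValueError("encrypted headers: member names unavailable")
        data_size = 0
        if btype == 0x74:
            if pos + 32 > len(data):
                raise ValueError("truncated file header at offset %d" % pos)
            (pack_size, _unp, _host, _fcrc, _ftime, _ver, _method,
             name_size, _attr) = struct.unpack_from("<IIBIIBBHI", data, pos + 7)
            name_off = pos + 32
            if flags & 0x0100:  # LHD_LARGE: 64-bit sizes follow
                high_pack, _high_unp = struct.unpack_from("<II", data, name_off)
                pack_size |= high_pack << 32
                name_off += 8
            raw = data[name_off:name_off + name_size]
            if flags & 0x0200:  # LHD_UNICODE: 8-bit name, NUL, then encoded Unicode name
                raw = raw.split(b"\x00", 1)[0]
            names.append(raw.decode("latin-1"))
            data_size = pack_size  # packed file data follows the header
        elif flags & 0x8000:  # LONG_BLOCK: ADD_SIZE of trailing data
            data_size = struct.unpack_from("<I", data, pos + 7)[0]
        pos += hsize + data_size
        if btype == 0x7B:  # end-of-archive block
            break
    return names


def triage_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict dict for one attachment; 'suspicious' is the gateway decision."""
    kind = identify(data)
    verdict = {"filename": filename, "container": kind, "members": [],
               "executables": [], "error": None}
    if kind == "rar4":
        try:
            verdict["members"] = list_rar4_members(data)
        except ValueError as exc:  # encrypted or malformed: cannot inspect, treat as hostile
            verdict["error"] = str(exc)
    verdict["executables"] = [m for m in verdict["members"]
                              if m.lower().endswith(EXECUTABLE_EXTS)]
    claims_rar = bool(RAR_NAME_RE.search(filename))
    verdict["suspicious"] = (bool(verdict["executables"])
                             or verdict["error"] is not None
                             or (claims_rar and kind == "unknown"))  # extension/magic mismatch
    return verdict


def build_rar4(members: dict[str, bytes]) -> bytes:
    """Construct a minimal stored (method 0x30) RAR 4.x archive for offline testing."""
    out = bytearray(RAR4_SIG)
    out += struct.pack("<HBHH", 0, 0x73, 0, 13) + b"\x00" * 6   # archive header, 13 bytes
    for name, payload in members.items():
        raw = name.encode("latin-1")
        out += struct.pack("<HBHH", 0, 0x74, 0x8000, 32 + len(raw))
        out += struct.pack("<IIBIIBBHI", len(payload), len(payload), 2, 0, 0, 29, 0x30, len(raw), 0x20)
        out += raw + payload
    out += struct.pack("<HBHH", 0, 0x7B, 0x4000, 7)             # end block
    return bytes(out)


# Constructed stand-in for the malspam attachment: an .r00-named archive holding an .exe.
SAMPLE_R00 = build_rar4({"Ekstre.exe": b"MZ" + b"\x00" * 30})

if __name__ == "__main__":
    print(triage_attachment("Ekstre.r00", SAMPLE_R00))
```

Because the lister never validates header CRCs or decompresses data, it is safe to run on untrusted input, but it also means a crafted archive can lie about its contents; treat an archive whose headers are encrypted or cannot be walked as hostile rather than as unknown, which is what the error branch does.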

Intelligence

File Origin
# of uploads: 2
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Ymacco
Status: Malicious
First seen: 2020-07-30 08:39:03 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 15 of 29 (51.72%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  MassLogger
    r00 a4febd0c1ee10c5d8170a1bffff5dbfe3cdbab949985f0bfa86036dc5396ddfd (this sample)
      Dropping: MassLogger

Delivery method: Distributed via e-mail attachment
