MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2bc8267e688046e6098da9f7d8621f98dccc412ac5b0c15abd60c83af0c3fe3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 2



SHA256 hash: c2bc8267e688046e6098da9f7d8621f98dccc412ac5b0c15abd60c83af0c3fe3
SHA3-384 hash: 30d748208ed476ab1758cd028deaa65a93f308c9e202f14caa74cc52090bbc6059a278fc86fd007c5fa98d6eb70dc9c1
SHA1 hash: 2d6e6bdb382d25560a6d77519fd2c358f8c373f8
MD5 hash: 428b9ff9528a63ad66e87aa3b84c5749
humanhash: november-north-lima-mississippi
File name: Halkbank_Ekstre_20200521_080918_33046.CAB
Signature: MassLogger
File size: 764'806 bytes
First seen: 2020-05-21 10:54:10 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:ooD7KSekVgK3+VCtPEuKnXV4xnlr/NcWLJ1tbDXnYX26/x7VglF:oW2STLRPEpXWXl9628ilF
TLSH: 14F433BC3714A294CE403AC3E2B17059754BCD3B69A93B47DBB50379ADD20BF8A624D0
Reporter: abuse_ch
Tags: cab geo Halkbank MassLogger TUR


abuse_ch
Malspam distributing MassLogger:

HELO: eepsjc1-02.nexcess.net
Sending IP: 104.207.238.163
From: halkbank.e-ekstre@halkbank.com.tr
Reply-To: noreply@ol-markety.com
Subject: T.HALK BANKASI A.Ş.21.05.2020 Hesap Ekstresi.
Attachment: Halkbank_Ekstre_20200521_080918_33046.CAB (contains "Halkbank_Ekstre_20200521_080918_33046.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-21 10:20:04 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip c2bc8267e688046e6098da9f7d8621f98dccc412ac5b0c15abd60c83af0c3fe3

(this sample)

  
Dropping: MassLogger
Delivery method: Distributed via e-mail attachment
