MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0acf32b7f43ea4ee1b1fb0119f570d3422363a64626fc8afab8e6ede5a1aa2cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 0acf32b7f43ea4ee1b1fb0119f570d3422363a64626fc8afab8e6ede5a1aa2cd
SHA3-384 hash: 851707f1df1d3df969a3fa9dfae1958665b5c54fed22910ef8acc46a8be3b88d1b908402050ac690a2ce0b01b90a7789
SHA1 hash: 21b47974b7d7741b01a4fffd468ba97226db9297
MD5 hash: 14152cf570b27475e783c0388fc5ff07
humanhash: saturn-glucose-cardinal-robert
File name: Halkbank_Ekstre_20200521_082357_541079 3.r00
Signature: MassLogger
File size: 548'178 bytes
First seen: 2020-10-17 06:54:18 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:1ehzvnLP4gAB+9IjnLjJaVwzi6+WILSiofQXGzzg:1MvjGB+9IjnLyf6+dXGzzg
TLSH: D0C423DB1AC193E93562806352B7B369C14D7F5A67338B8811ABC9928857EF518F3C0F
Reporter: abuse_ch
Tags: geo Halkbank MassLogger r00 TUR


abuse_ch
Malspam distributing unidentified malware:

HELO: ne.netbotixapi.live
Sending IP: 45.95.171.134
From: HALKBANK.E-EKSTRE-halkbank.com.tr <info@netbotixapi.live>
Subject: T.HALK BANKASI A.S. 01.01.2019 - 16.10.2020 Hesap Ekstresi
Attachment: Halkbank_Ekstre_20200521_082357_541079 3.r00 (contains "Halkbank_Ekstre_20200521_082357_541079.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Maslog
Status: Malicious
First seen: 2020-10-16 21:28:12 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r00 0acf32b7f43ea4ee1b1fb0119f570d3422363a64626fc8afab8e6ede5a1aa2cd

(this sample)

Delivery method: Distributed via e-mail attachment
