MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d202d4afe38b078d7aea0d9c1a89e2f0ec027e1555ce35328a293dcaef8bb25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 4d202d4afe38b078d7aea0d9c1a89e2f0ec027e1555ce35328a293dcaef8bb25
SHA3-384 hash: 3861173d0b51a6530daa68c9c28652e6285fcbd0ce926e161c2718cf8a895a4e94e5341ba63403a18d1bf90c69008786
SHA1 hash: 8b2f22ab2bbb55c78243ecdd0e2aa465fd60d144
MD5 hash: 988c76a8ba32622ea114119c21c6b8f9
humanhash: alpha-table-pluto-august
File name: T.HALK BANKASI A.Ş. 25.06.2020 Hesap Ekstresi.xz
Signature: MassLogger
File size: 907'190 bytes
First seen: 2020-06-25 13:22:29 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:fSp+VrtNsK8FJieiUHxxLDcFcid+1IeT2lty5zJeR3:trt0F8KxEOSE5zJw
TLSH: 9815235FED8C37D73A85317FBA489CD4BC3E9C610396B10D799E0D9090ED34BAA91889
Reporter: abuse_ch
Tags: geo Halkbank MassLogger TUR xz


abuse_ch
Malspam distributing MassLogger:

HELO: mail15.lwspanel.com
Sending IP: 185.98.131.27
From: Türkiye İş Bankası <halkbank.e-ekstre@halkbank.com.tr>
Reply-To: noreply@ileti.isbank.com.tr
Subject: T.HALK BANKASI A.Ş. 25.06.2020 Hesap Ekstresi
Attachment: T.HALK BANKASI A.Ş. 25.06.2020 Hesap Ekstresi.xz (contains "T.HALK BANKASI A.Ş. 25.06.2020 Hesap Ekstresi.exe")

MassLogger SMTP exfil server:
mail.ereglitso.org.tr:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-25 13:37:29 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

zip 4d202d4afe38b078d7aea0d9c1a89e2f0ec027e1555ce35328a293dcaef8bb25 (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment

Comments