MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97430106f3fbf62f0c11f473012392d5b9eaeade9a0f2c6c7ea21e8d6d69f02c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 97430106f3fbf62f0c11f473012392d5b9eaeade9a0f2c6c7ea21e8d6d69f02c
SHA3-384 hash: 9b6cad021cb4efc3f23e201989df2219fc9046a48c4a086d78ca196e7c5c3b70377fae4009a6628d134c5ca352304d16
SHA1 hash: 96dfe8d71945e32732895f5f43146225844e23de
MD5 hash: 11e9c56a731fbc422bf3cf39b31c107f
humanhash: alanine-zulu-potato-nebraska
File name: Halkbank_Ekstre_20200630_080918_33024.exe
Signature: MassLogger
File size: 1'434'112 bytes
First seen: 2020-06-30 17:39:01 UTC
Last seen: 2020-06-30 18:48:46 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:2KGvTd25VRxkgdocSP0rRGEcy0kGQsLw02tSHzwqNBMiEK7pnMJKhRAvUw/dQ:Q45VRgNEcy0kGd6tSH3NKiVa8TA5d
TLSH: 1A656B2AB84A9499C5191536C4BDAEC3A7236D853B638A0E795F370C6E3231B3F1711F
Reporter: @abuse_ch
Tags: exe geo Halkbank MassLogger TUR


Twitter
@abuse_ch
MassLogger SMTP exfil server:
smtp.yandex.com:587

Intelligence


Mail intelligence: No data
# of uploads: 2
# of downloads: 37
Origin country: FR
CAPE Sandbox: Gathering data
ClamAV: SecuriteInfo.com.Artemis11E9C56A731F.8686.UNOFFICIAL
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/97430106f3fbf62f0c11f473012392d5b9eaeade9a0f2c6c7ea21e8d6d69f02c/
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Kryptik
  First seen: 2020-06-30 17:04:36 UTC
  AV detection: 22 of 31 (70.97%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage:
  Score: 10/10
  Malware Family: masslogger
  Link: https://tria.ge/reports/200630-zmp7dp45mx/
  Tags: ransomware spyware stealer family:masslogger
VirusTotal: Virustotal results 20.83%

Yara Signatures


Rule name: masslogger_gcch
Author: govcert_ch

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe 97430106f3fbf62f0c11f473012392d5b9eaeade9a0f2c6c7ea21e8d6d69f02c (this sample)

Delivery method: Distributed via e-mail attachment

Comments