MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97430106f3fbf62f0c11f473012392d5b9eaeade9a0f2c6c7ea21e8d6d69f02c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 97430106f3fbf62f0c11f473012392d5b9eaeade9a0f2c6c7ea21e8d6d69f02c
SHA3-384 hash: 9b6cad021cb4efc3f23e201989df2219fc9046a48c4a086d78ca196e7c5c3b70377fae4009a6628d134c5ca352304d16
SHA1 hash: 96dfe8d71945e32732895f5f43146225844e23de
MD5 hash: 11e9c56a731fbc422bf3cf39b31c107f
humanhash: alanine-zulu-potato-nebraska
File name: Halkbank_Ekstre_20200630_080918_33024.exe
Signature: MassLogger
File size: 1'434'112 bytes
First seen: 2020-06-30 17:39:01 UTC
Last seen: 2020-06-30 18:48:46 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:2KGvTd25VRxkgdocSP0rRGEcy0kGQsLw02tSHzwqNBMiEK7pnMJKhRAvUw/dQ:Q45VRgNEcy0kGd6tSH3NKiVa8TA5d
TLSH: 1A656B2AB84A9499C5191536C4BDAEC3A7236D853B638A0E795F370C6E3231B3F1711F
Reporter: @abuse_ch
Tags: exe geo Halkbank MassLogger TUR

MassLogger SMTP exfil server:


Mail intelligence: No data
# of uploads: 2
# of downloads: 37
Origin country: FR
CAPE Sandbox: Gathering data
CERT.PL MWDB: Detection: n/a
ReversingLabs: Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-06-30 17:04:36 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 5/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage: Score: 10/10
Malware Family: masslogger
Tags: ransomware spyware stealer family:masslogger
VirusTotal: Virustotal results 20.83%

Yara Signatures

Rule name: masslogger_gcch

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe: 97430106f3fbf62f0c11f473012392d5b9eaeade9a0f2c6c7ea21e8d6d69f02c (this sample)
Delivery method: Distributed via e-mail attachment