MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abd8fde4d47d868c30b0a5d0ee3ad397a4ad4e3e3e4b8f435682a3c7e5fefd1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: abd8fde4d47d868c30b0a5d0ee3ad397a4ad4e3e3e4b8f435682a3c7e5fefd1b
SHA3-384 hash: 129f44a27d772220cb9ac84f43a477d6ba5aa23e2bf6ee6b5175e47bc34f7d4b4e2ad5a8e814667018757e7cbb10448c
SHA1 hash: 63683c5a44fb2a4d284f4599464f7a186e681b5a
MD5 hash: 0ca6dd336386ee56298b3accdd60fdc8
humanhash: sixteen-ink-saturn-fourteen
File name:Halkbank_Ekstre_20200521_082357_541079 1.r00
Download: download sample
Signature MassLogger
Create hunting rule
File size:832'681 bytes
First seen:2020-10-16 13:51:47 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 24576:WjXK4xz4oSJAknhmxBAO2ltS36kE0C/Wg7B1/UEYSX:Wj69Fi+hmxj2/SJEUr6
TLSH 7C0533C6522ED269D73BADBF8ADBBC034A7CB1409F9620D2545D17C7AC04272D7B0A72
Reporter abuse_ch
Tags:geo Halkbank MassLogger r00 TUR


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ne.netbotixapi.live
Sending IP: 45.95.171.134
From: "HALKBANK.E-EKSTRE-halkbank.com.tr" <info@netbotixapi.live>
Subject: T.HALK BANKASI A.S. 01.01.2019 - 16.10.2020 Hesap Ekstresi
Attachment: Halkbank_Ekstre_20200521_082357_541079 1.r00 (contains "Halkbank_Ekstre_20200521_082357_541079.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/abd8fde4d47d868c30b0a5d0ee3ad397a4ad4e3e3e4b8f435682a3c7e5fefd1b/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vpmp3zgupwdiymfquxio4owts6sk2tr6hzfy6q2wqkr4pzp67unq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/abd8fde4d47d868c30b0a5d0ee3ad397a4ad4e3e3e4b8f435682a3c7e5fefd1b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

r00 abd8fde4d47d868c30b0a5d0ee3ad397a4ad4e3e3e4b8f435682a3c7e5fefd1b

(this sample)

MassLogger

Executable exe 7428f5ccb3fa2d0ba8b295efd15c9acc87674180aa1d3bf71e8b91cd0a038381

  
Dropping
MD5 e948467221e323c2c5cbce0af22d723c
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7428f5ccb3fa2d0ba8b295efd15c9acc87674180aa1d3bf71e8b91cd0a038381

Comments