masslogger | e98968f1589b8053634f973297a144deb8772c01acf510be339ef041b66f085d | Triage

Sharing

General

Target

e98968f1589b8053634f973297a144deb8772c01acf510be339ef041b66f085d
Size

857KB
MD5

4d859cea6d19e83e2839654455263616
SHA1

01e17105c0afa7c6e9069994a6ea0a21186e651e
SHA256

e98968f1589b8053634f973297a144deb8772c01acf510be339ef041b66f085d
SHA512

97f8683d7b42ecef5b1a0d15b4152d1a74c59acbbaf2f6937d60ff4bf3c796fdbe0971d4d26ba407e02ffa39756ddd7c271345ea02278981e08339e28ef1cdbe
SSDEEP

12288:EHzSNWU+aRAGfhIbr6PUezLZlq6bCkDQYXi1YV9QfNMTxP0eoPt0bbghpQ37r6xv:EHkWURfhI/6MALNgMndzhgQ3qyrD7OR

Score

10^/10

masslogger

Malware Config

Signatures

MassLogger Main Payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/HALKBANK.exe	family_masslogger

Masslogger family
masslogger

Files

e98968f1589b8053634f973297a144deb8772c01acf510be339ef041b66f085d
.zip
HALKBANK.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ