masslogger | 7cfbde8e87809e872fa1dc3d178d4644cf19e921534c746c05ada8a7bc573d17 | Triage

Sharing

General

Target

7cfbde8e87809e872fa1dc3d178d4644cf19e921534c746c05ada8a7bc573d17
Size

480KB
MD5

5fb92ca8d14f90f4fec0016841ea1bc4
SHA1

6cb52a7a836ecfee7698b6f2469a3b17e9f2a354
SHA256

7cfbde8e87809e872fa1dc3d178d4644cf19e921534c746c05ada8a7bc573d17
SHA512

3e67079eb7322f5430c1f43fbb09c3916243defad4c9f8068da5d77bc6732e59ff261ad4bd0b750d23e0a90d639d19077f3d17821d1d9f3ba7d1f0eeb7c1f7e2
SSDEEP

12288:UrQErMg+AYDYTc6S91RkGFb/eZimbRnPUWLMljjSqR9ySnkGI7L7:UcEIAiiR6NFb/GbdnpijjvR9y5Gg

Score

10^/10

masslogger

Malware Config

Signatures

MassLogger Main Payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/Ziraat Bankasi Swift Messaji.exe	family_masslogger

Masslogger family
masslogger

Files

7cfbde8e87809e872fa1dc3d178d4644cf19e921534c746c05ada8a7bc573d17
.rar
Ziraat Bankasi Swift Messaji.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ