Overview

overview

10

Static

static

Company Info.exe

windows7_x64

10

Company Info.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Company Info.exe

  • Size

    869KB

  • Sample

    200707-c68q3dl966

  • MD5

    3619d3ebb45aa02a640af44be1c1cda1

  • SHA1

    b38e409b0226de9221201d2be44c08f633b4106e

  • SHA256

    0c3a54b9d65c5d6aff6d565f3fd50be5db7c7a9f8a14bf760b82e65d4de24730

  • SHA512

    e574e52e0cd56a7f7a5bd687123a552cb92dd9373518930bb6d4423495e8629cdbefa7bc5d8a30e20fa0a944ad1d8a6e567aeaf0054a91eac085b594635d49eb

Score
10/10
massloggerransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\E2C1E8F1FA\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Professional 64bit CPU: Persocon Processor 2.5+ GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 7/7/2020 9:46:33 AM MassLogger Started: 7/7/2020 9:46:27 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Company Info.exe As Administrator: True

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Dmacdavid

Targets

    • Target

      Company Info.exe

    • Size

      869KB

    • MD5

      3619d3ebb45aa02a640af44be1c1cda1

    • SHA1

      b38e409b0226de9221201d2be44c08f633b4106e

    • SHA256

      0c3a54b9d65c5d6aff6d565f3fd50be5db7c7a9f8a14bf760b82e65d4de24730

    • SHA512

      e574e52e0cd56a7f7a5bd687123a552cb92dd9373518930bb6d4423495e8629cdbefa7bc5d8a30e20fa0a944ad1d8a6e567aeaf0054a91eac085b594635d49eb

    Score
    10/10
    ransomwarespywarestealermasslogger

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks