General

  • Target

    sZ5JiFfRsBQ6Tku.exe

  • Size

    1.1MB

  • Sample

    200709-z7lrla7q1j

  • MD5

    d685eb26c1eb33c30201f51712f095ce

  • SHA1

    360a6390533be7bdff392f115db5011f9ffebf10

  • SHA256

    33bbefb4d3bb2a66e713a55da6b852df10241fb371ebda3e5a39a761bacca0b3

  • SHA512

    0d7562e83bd33195d45f3f5441725eeeb942c3fd9c9dd468fe9c2e30a043fa34b00db403d18fb37d7dfb5d66ac4569b7fe2c89295248880b982ff9b3d379b2d6

Targets

    • Target

      sZ5JiFfRsBQ6Tku.exe

    • MassLogger

      MassLogger is a .NET information stealer that harvests saved passwords from web browsers, email clients and cryptocurrency wallets.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to determine the infected system's external IP address.

    • Suspicious use of SetThreadContext
