Analysis
-
max time kernel
54s -
max time network
151s -
platform
windows7_x64 -
resource
win7 -
submitted
10-07-2020 18:02
General
-
Target
Attached AWB.exe
-
Size
943KB
-
MD5
63ae3d497fc808ba1f4c5109d76c457f
-
SHA1
6d7e6c8743f130c0a23551061516b47a9510729b
-
SHA256
10939877f109569dff853eef9ddb462dda69871bc04b44d45d1a784a21a208ba
-
SHA512
70ab3ea48525ffb2b5a354c46ae1684226d756855fd61859c705827b0c71cbefd88f5e5ce93cb720f0fe638b89b4b1a3736976798d6cbe0262c94b1effaf2ba5
Score
10/10
Malware Config
Signatures
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
MassLogger log file 1 IoCs
Detects a log file produced by MassLogger.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Attached AWB.exe"C:\Users\Admin\AppData\Local\Temp\Attached AWB.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1496-1-0x0000000000000000-0x0000000000000000-disk.dmp