General

  • Target

    0176a34057e7db4cc4810bb8eedad9cd.exe

  • Size

    1012KB

  • Sample

    200711-ndmse5jaq2

  • MD5

    0176a34057e7db4cc4810bb8eedad9cd

  • SHA1

    5efad940258c83d5d31212f291ff784079cee405

  • SHA256

    407768d45386b545b588ceb938324586954e446132ecef0273b8067cbf1ce4d9

  • SHA512

    0a78d3156ca824926eff67bef86fa9a33f623f5515cc4737e8c4d840fdb27684430c9751f58dfef82d790665855ff42a29b58bafd85d338948a78868253b34e1

Malware Config

Targets

    • Target

      0176a34057e7db4cc4810bb8eedad9cd.exe

    • Size

      1012KB

    • MD5

      0176a34057e7db4cc4810bb8eedad9cd

    • SHA1

      5efad940258c83d5d31212f291ff784079cee405

    • SHA256

      407768d45386b545b588ceb938324586954e446132ecef0273b8067cbf1ce4d9

    • SHA512

      0a78d3156ca824926eff67bef86fa9a33f623f5515cc4737e8c4d840fdb27684430c9751f58dfef82d790665855ff42a29b58bafd85d338948a78868253b34e1

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Collection

Data from Local System

1
T1005

Tasks