Overview

overview

10

Static

static

0176a34057...cd.exe

windows7_x64

10

0176a34057...cd.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0176a34057e7db4cc4810bb8eedad9cd.exe

  • Size

    1012KB

  • Sample

    200711-ndmse5jaq2

  • MD5

    0176a34057e7db4cc4810bb8eedad9cd

  • SHA1

    5efad940258c83d5d31212f291ff784079cee405

  • SHA256

    407768d45386b545b588ceb938324586954e446132ecef0273b8067cbf1ce4d9

  • SHA512

    0a78d3156ca824926eff67bef86fa9a33f623f5515cc4737e8c4d840fdb27684430c9751f58dfef82d790665855ff42a29b58bafd85d338948a78868253b34e1

Score
10/10
massloggerspywarestealer

Malware Config

Targets

    • Target

      0176a34057e7db4cc4810bb8eedad9cd.exe

    • Size

      1012KB

    • MD5

      0176a34057e7db4cc4810bb8eedad9cd

    • SHA1

      5efad940258c83d5d31212f291ff784079cee405

    • SHA256

      407768d45386b545b588ceb938324586954e446132ecef0273b8067cbf1ce4d9

    • SHA512

      0a78d3156ca824926eff67bef86fa9a33f623f5515cc4737e8c4d840fdb27684430c9751f58dfef82d790665855ff42a29b58bafd85d338948a78868253b34e1

    Score
    10/10
    spywarestealermasslogger

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks