Overview

overview

10

Static

static

purchase order.exe

windows7_x64

10

purchase order.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    purchase order.exe

  • Size

    790KB

  • Sample

    200713-cc8bxfapps

  • MD5

    3c55253fc699ca4f3aa7b5f39796e82c

  • SHA1

    85be2e70b90bbefdb191cd5440c9519772755402

  • SHA256

    420541ff7ab7f97d2110f9c2f2488087c0d2f9e577fa5e55c73eebf4f5416bbc

  • SHA512

    bedb39cfab073dfce9e12488818d20381e48ec33cbfe30c53f5e1679b439b261c65cbf448f1a6d616c74f337f0dbcfd70194b141abc2399eed703210e0b1e297

Score
10/10
massloggerspywarestealer

Malware Config

Targets

    • Target

      purchase order.exe

    • Size

      790KB

    • MD5

      3c55253fc699ca4f3aa7b5f39796e82c

    • SHA1

      85be2e70b90bbefdb191cd5440c9519772755402

    • SHA256

      420541ff7ab7f97d2110f9c2f2488087c0d2f9e577fa5e55c73eebf4f5416bbc

    • SHA512

      bedb39cfab073dfce9e12488818d20381e48ec33cbfe30c53f5e1679b439b261c65cbf448f1a6d616c74f337f0dbcfd70194b141abc2399eed703210e0b1e297

    Score
    10/10
    stealerspywaremasslogger

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks