General

  • Target

    Detalhes da conta bancária.exe

  • Size

    990KB

  • Sample

    200713-gnvcxsxp5a

  • MD5

    4171abbcb366d00815bc70c1c794a703

  • SHA1

    e23ea5b6598855dd7959829a4ab35d766d1f843c

  • SHA256

    51d9993db6088b6817645cc0054e62926e4f249cb405ae05355a6d4520a46525

  • SHA512

    726ff167bf0dd2f333fe744bca06bfb741629ee45e2e886d2971dbe200de4ff94fc094b15fcbe1e7353457609b3e6e743afd675c79e4554b7bf2fe30eb0d346b

Malware Config

Extracted

  • Path

    C:\Users\Admin\AppData\Local\Temp\E2C1E8F1FA\Log.txt

  • Family

    masslogger

  • Ransom Note

    ################################################################# MassLogger v1.3.7.0 #################################################################
    ### Logger Details ###
    User Name: Admin
    IP: 154.61.71.51
    Location: United States
    Windows OS: Microsoft Windows 7 Professional 64bit
    Windows Serial Key: HYF8J-CVRMY-CM74G-RPHKF-PW487
    CPU: Persocon Processor 2.5+
    GPU: Standard VGA Graphics Adapter
    AV: NA
    Screen Resolution: 1280x720
    Current Time: 7/13/2020 11:09:41 AM
    MassLogger Started: 7/13/2020 11:09:36 AM
    Interval: 2 hour
    MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Detalhes da conta bancária.exe
    MassLogger Melt: false
    MassLogger Exit after delivery: false
    As Administrator: True
    Processes:

Targets

    • Target

      Detalhes da conta bancária.exe

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                Count  ID
  Execution              Scheduled Task           1      T1053
  Persistence            Scheduled Task           1      T1053
  Privilege Escalation   Scheduled Task           1      T1053
  Credential Access      Credentials in Files     1      T1081
  Collection             Data from Local System   1      T1005
