Overview

overview

10

Static

static

uksWKvZWmEjyfQm.exe

windows7_x64

10

uksWKvZWmEjyfQm.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    uksWKvZWmEjyfQm.exe

  • Size

    973KB

  • Sample

    200714-9mh6y9zk2j

  • MD5

    0ba295c9b19580265e061e5febedf9f9

  • SHA1

    15cef08eb4c1004611f795dcae47ac0db268a6a6

  • SHA256

    abb96fbc3e4b80337204e33d19134498c7eca75ba47390fe4df7939383515e6d

  • SHA512

    4b5ba0019752cec28d48bf8bfcee6199dc0d10519e1433f465c4f9f87ab7bd9ceb7c478b12758200d10cf0ca068dd3718c73706150c4e2faebb2c3c926a66711

Score
10/10
massloggerspywarestealer

Malware Config

Targets

    • Target

      uksWKvZWmEjyfQm.exe

    • Size

      973KB

    • MD5

      0ba295c9b19580265e061e5febedf9f9

    • SHA1

      15cef08eb4c1004611f795dcae47ac0db268a6a6

    • SHA256

      abb96fbc3e4b80337204e33d19134498c7eca75ba47390fe4df7939383515e6d

    • SHA512

      4b5ba0019752cec28d48bf8bfcee6199dc0d10519e1433f465c4f9f87ab7bd9ceb7c478b12758200d10cf0ca068dd3718c73706150c4e2faebb2c3c926a66711

    Score
    10/10
    stealerspywaremasslogger

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks