General

  • Target

    gYMDqZk9NvACog9.exe

  • Size

    901KB

  • Sample

    200714-lq662frm16

  • MD5

    a49788f4389f09f209c66e798acc4341

  • SHA1

    17909c880885433b7054ae36d1839b5e3cd2a0cf

  • SHA256

    92276f87f48836d141ee02c8b6f75398ded9a3e4b12b84441e3125933af6c755

  • SHA512

    51c5b561617e6f37d2863f5b17873186c9e8a69cf888c687d75a71395f3d1e42accca5172b1ad14acdcf66e99c1df3ca57f198f6d73107c9f357508d37520760

Targets

    • MassLogger

      MassLogger is a .NET information stealer that harvests saved passwords from web browsers, email clients and cryptocurrency wallet clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile contents.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
