General

  • Target

    RFQ.exe

  • Size

    1.5MB

  • Sample

    200715-h945v85vla

  • MD5

    969a8477f79fde1151cb063057cc0d8b

  • SHA1

    9bf8a7944db8aeeaad3fb2066efbd523059ee965

  • SHA256

    127d38ba33a67b3fa64e954d209cd9276b5d548462cd47cc3abafa8192073bab

  • SHA512

    cc071fef67e27b40c981684284b607aba5db1457ce7f9ae8ba1cc0ce615f8f865a328e64dbb87efb3d40b2308188c47933e0e9214eb6457a434cf149d104456a

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\E2C1E8F1FA\Log.txt

Family

masslogger

Ransom Note

    ################################################################# MassLogger v1.3.6.0 #################################################################
    ### Logger Details ###
    User Name: Admin
    IP: 154.61.71.51
    Location: United States
    Windows OS: Microsoft Windows 7 Professional 64bit
    Windows Serial Key: HYF8J-CVRMY-CM74G-RPHKF-PW487
    CPU: Persocon Processor 2.5+
    GPU: Standard VGA Graphics Adapter
    AV: NA
    Screen Resolution: 1280x720
    Current Time: 7/15/2020 1:45:16 PM
    MassLogger Started: 7/15/2020 1:45:12 PM
    Interval: 2 hour
    MassLogger Process: C:\Users\Admin\AppData\Local\Temp\RFQ.exe
    MassLogger Melt: false
    MassLogger Exit after delivery: false
    As Administrator: True
    Processes:

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @jaffinmarknma@344

Targets

    • Target

      RFQ.exe

    • Size

      1.5MB

    • MD5

      969a8477f79fde1151cb063057cc0d8b

    • SHA1

      9bf8a7944db8aeeaad3fb2066efbd523059ee965

    • SHA256

      127d38ba33a67b3fa64e954d209cd9276b5d548462cd47cc3abafa8192073bab

    • SHA512

      cc071fef67e27b40c981684284b607aba5db1457ce7f9ae8ba1cc0ce615f8f865a328e64dbb87efb3d40b2308188c47933e0e9214eb6457a434cf149d104456a

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks