Overview

overview

10

Static

static

SKBMT+ Ord...DF.exe

windows7_x64

10

SKBMT+ Ord...DF.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SKBMT+ Order No. SO-001172_PDF_ PDF.exe

  • Size

    1.4MB

  • Sample

    200716-kbtjd7fsca

  • MD5

    1afa1a55ea9ccb98d329dd44c631497d

  • SHA1

    b2f229508cec9dd79dc1362fd78781ad994975fc

  • SHA256

    51feba16fe4544448af69bc8c311f138aeec6d3c92114aaa9d00c427bbe240d8

  • SHA512

    e1a74cbd93bf13ec6658367849834a97a08d607882f11a5feb58e2613c14f3a2a39e473251e630792151cbd5d76e9b0e17433a35274fa51041f31025b704c740

Score
10/10
massloggerransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\C8A579F880\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 7 Professional 64bit CPU: Persocon Processor 2.5+ GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 7/16/2020 9:18:53 AM MassLogger Started: 7/16/2020 9:18:46 AM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\SKBMT+ Order No. SO-001172_PDF_ PDF.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

    • Target

      SKBMT+ Order No. SO-001172_PDF_ PDF.exe

    • Size

      1.4MB

    • MD5

      1afa1a55ea9ccb98d329dd44c631497d

    • SHA1

      b2f229508cec9dd79dc1362fd78781ad994975fc

    • SHA256

      51feba16fe4544448af69bc8c311f138aeec6d3c92114aaa9d00c427bbe240d8

    • SHA512

      e1a74cbd93bf13ec6658367849834a97a08d607882f11a5feb58e2613c14f3a2a39e473251e630792151cbd5d76e9b0e17433a35274fa51041f31025b704c740

    Score
    10/10
    ransomwarestealerspywaremasslogger

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks