General

  • Target

    PAYMENT DETAILS CONFIRMATION.exe

  • Size

    992KB

  • Sample

    200917-pfb7k8esz2

  • MD5

    73c81dd67773b2efa5261e20adf74a5b

  • SHA1

    fde0db688d6abb4aad0bb646db9f1c192d980b5a

  • SHA256

    ad32cadc3a75e969c0e8c25dfec398378aceb406017050763ce3c5d482998f42

  • SHA512

    8b2483b0dedf9d6b9329202d40544291b55601518c3b14f5df764e277114ee6538bdf6d08efcb8c3dad99ac7368471354acb1bf1ecd3f7da2c072f8c5a8e24d9

Malware Config

Targets

    • Target

      PAYMENT DETAILS CONFIRMATION.exe

    • Size

      992KB

    • MD5

      73c81dd67773b2efa5261e20adf74a5b

    • SHA1

      fde0db688d6abb4aad0bb646db9f1c192d980b5a

    • SHA256

      ad32cadc3a75e969c0e8c25dfec398378aceb406017050763ce3c5d482998f42

    • SHA512

      8b2483b0dedf9d6b9329202d40544291b55601518c3b14f5df764e277114ee6538bdf6d08efcb8c3dad99ac7368471354acb1bf1ecd3f7da2c072f8c5a8e24d9

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks