General
Target: 59818 STS 939_pdf.exe
Size: 238KB
Sample: 201109-sh2tl6y5ve
MD5: 696095ddf9ccfeb0f5ae1ed6aac3ade7
SHA1: 9f524eb8885d317554d7624ff55be70934b22e56
SHA256: 1d98e18806cb0b478899854bf39ff2388225501a109405db1816066643224ce8
SHA512: c5603667d869e707578077591b613e30b27b74636d7883fc1cd664c32492cdec552194a9c0ec890e75a5f058c1915bd6f8d8686fe6b14469549ec04d21b69298
Static task: static1
Behavioral task: behavioral1 (sample 59818 STS 939_pdf.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample 59818 STS 939_pdf.exe, resource win10v20201028)
Malware Config (extracted)
Protocol: smtp
Host: cpanel.skyhost.ru
Port: 587
Username: harish@skpzi.com
Password: Princeboy1
Targets
Target: 59818 STS 939_pdf.exe
Score: 10/10
- M00nd3v_Logger: M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
- M00nD3v Logger Payload: Detects the M00nD3v Logger payload in memory.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, such as saved credentials.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: SetThreadContext rewrites the register state of another thread; injectors use it (for example in process hollowing) to point a suspended thread at injected code before resuming it.
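As an added example (not part of this report or of the sandbox's own tooling), the extracted SMTP configuration and the behavioural signatures above can be turned into a small detection pass over outbound-connection logs. The log lines in the block are constructed for the example, and the log format, the list of public IP-lookup services, and the browser and mail-client allowlists are assumptions, not anything this report states; only the SMTP host, port and username come from the Malware Config section.

```python
import re
from dataclasses import dataclass

# Configuration copied from the "Malware Config" section of the report.
# The password is deliberately left out; it plays no role in detection.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: cpanel.skyhost.ru
Port: 587
Username: harish@skpzi.com
"""

# Assumptions for the example (not from the report): public IP-lookup
# endpoints, and processes that legitimately speak SMTP or hit such services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}
MAIL_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed log lines: timestamp|process|destination host|destination port.
SAMPLE_LOG = """\
2020-11-09T12:00:01Z|chrome.exe|www.google.com|443
2020-11-09T12:00:05Z|59818 STS 939_pdf.exe|api.ipify.org|443
2020-11-09T12:00:07Z|59818 STS 939_pdf.exe|cpanel.skyhost.ru|587
2020-11-09T12:01:00Z|outlook.exe|smtp.office365.com|587
2020-11-09T12:02:00Z|svchost.exe|time.windows.com|123
2020-11-09T12:03:00Z|updater.exe|mail.example.net|465
"""

LOG_RE = re.compile(r"^(?P<ts>[^|]+)\|(?P<proc>[^|]+)\|(?P<host>[^|]+)\|(?P<port>\d+)$")


def parse_config(text):
    """Turn 'Key: value' lines from the sandbox config dump into a dict
    with lower-case keys; 'port' is converted to int."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+):\s*(.+?)\s*$", line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


@dataclass
class Alert:
    ts: str
    process: str
    host: str
    port: int
    reason: str


def detect(log_text, cfg):
    """Return one Alert per log line that matches an indicator, checked in
    order of confidence: the extracted exfil host first, then the generic
    behaviours the report's signatures describe."""
    alerts = []
    exfil_host = cfg["host"].lower()
    exfil_port = cfg.get("port")
    for raw in log_text.splitlines():
        m = LOG_RE.match(raw.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        proc = m["proc"].strip().lower()
        host = m["host"].strip().lower()
        port = int(m["port"])
        if host == exfil_host and port == exfil_port:
            reason = "connection to exfil host from extracted config"
        elif port in MAIL_PORTS and proc not in MAIL_CLIENTS:
            reason = "SMTP from a process that is not a mail client"
        elif host in IP_LOOKUP_HOSTS and proc not in BROWSERS:
            reason = "external IP lookup from a non-browser process"
        else:
            continue
        alerts.append(Alert(m["ts"], proc, host, port, reason))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG, parse_config(EXTRACTED_CONFIG)):
        print(f"{a.ts} {a.process!r} -> {a.host}:{a.port}: {a.reason}")
```

On the constructed log the pass raises three alerts: the sample's IP lookup, its connection to the extracted SMTP host on port 587, and an unrelated non-mail process using port 465; the mail client's own submission traffic on 587 is left alone. The host-and-port match on the extracted config is the high-confidence indicator; the two generic rules mirror the report's signatures and will need tuning to the environment's real process inventory.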