Resubmissions

24/11/2020, 07:19

201124-c593vq5fxe 10

24/11/2020, 06:34

201124-ndm4s5wh1j 10

General

  • Target

    Machine_Specification.img

  • Size

    1.2MB

  • Sample

    201124-ndm4s5wh1j

  • MD5

    27e992e0356385d72dc703b286292039

  • SHA1

    67e307a49647453f74cffe21ab7ccf82a688539b

  • SHA256

    fe58f1f1a965f99d61358250dba7792b77c805312677074209c9641fb8e3265a

  • SHA512

    3f0d068982952ecc38ba3331b066cdeda5cbc1c43f680965cc715a04509c17156c0cb67eb04b5e7eea7d28ae0ff8cedc40a468791d45710f86260867516ed334

Targets

    • Target

      QUOTATIO.EXE

    • Size

      669KB

    • MD5

      f29503b7cc609d116bf10301276cefd4

    • SHA1

      09e5a76d532011881e144b03451a4000434f0a9d

    • SHA256

      bd0f0e3a4eae909e89bd8134013b914a9279a39ac7ce8fc12d073cd821d60659

    • SHA512

      30ba65bcd5527d74e0c78a67286214a6bb0d67d69b9d80d7b29a9d5c9c2601b105dc20dd597c79e63e2bac702b6c34e7e5d222f3448b4853a285aac20f1aad54

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
