General

  • Target

    vqmoplwb.exe

  • Size

    533KB

  • Sample

    201125-16qfyy84ks

  • MD5

    4eca35a8854e4290dcc797d9556244b4

  • SHA1

    2432505bb2273b93659053c83e0b892f63b9105d

  • SHA256

    b78c057366525777ab931d9a4a2962a2df499a6690aae1f3e215097d5adbb458

  • SHA512

    4074179e92af89b3d6fa353143323445d4974101f444328c503e0ad3543e76cb4c9349ad3a6f4288c1445b552ee4823803f2c545b47d7d353b5bb09d0a96dc49

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
