General

  • Target: fizetési igazolás.eml.msg
  • Size: 30KB
  • Sample: 201201-nqqtg2se2n
  • MD5: 7957f01e3dd58bf95c0a0cba694c6825
  • SHA1: 0a81b978e6ffc9d908391354dc2409ec93f6c9e2
  • SHA256: 2479411adb58bd76f54b991f75232058de6c387f7fe639bc66c13731ec81dff8
  • SHA512: a91c256cb8fc9db22929e2bf8a08dc25cbb176b9c46bd671bb08c8ffbca0c3164a5ffaea6cd28f0e20ac5c8922e35f37482d9835c4f050bd021b64af11ca51bd

Malware Config

Targets

    • Target: fizetési_visszaigazolás.js
    • Size: 3KB
    • MD5: 3c4c51617719e0431c8947756c1a79e2
    • SHA1: d4ce83ce15355ddd4940a2d739e9eef978e0921c
    • SHA256: 03cb959ae09b02512f1793b03afa9092886bbeb9b38b9404a583e7ab6889df4a
    • SHA512: 7138b5b3c2dad718a539a4e62a7d1edf7c80578af9e9dfb9501da9b66000d38c949f79c78e2e580c68d1e06cbac97740955292002546d3e9d3e8a168fb265b6c

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Process spawned unexpected child process

      This typically indicates that the parent process was compromised, for example via an exploit or a malicious macro.

    • Blacklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to discover the infected system's external IP address.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Tasks