onlylogger | 602d032373668d54b7f96d31362091272b601cd0f313b251cd88625439fb5a82 | Triage

Analysis

max time kernel
12s
max time network
116s
platform
windows10_x64
resource
win10v20210410
submitted
06-07-2021 17:00

Sharing

Report Analysis Logs

General

Target

onlylogger.exe
Size

350KB
MD5

9749a3a101daeb44a788492db61f6bc0
SHA1

599f4e55f2c027ec365fd3ae5f35302458ae88a0
SHA256

602d032373668d54b7f96d31362091272b601cd0f313b251cd88625439fb5a82
SHA512

00e288efa9f999ed94fb86042c51771fbce16101468d9e9f18171c06c005f0d39cd66df68147ee24b546f22296980db125849afc658571c4666aade8017f6f2b

Score

10^/10

onlylogger loader

Malware Config

Signatures

OnlyLogger
A tiny loader that uses IPLogger to get its payload.
loader onlylogger

OnlyLogger Payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1824-115-0x0000000000400000-0x00000000008F6000-memory.dmp	family_onlylogger

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

C:\Users\Admin\AppData\Local\Temp\onlylogger.exe
"C:\Users\Admin\AppData\Local\Temp\onlylogger.exe"
1⤵
PID:1824

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1824-114-0x00000000009B0000-0x0000000000AFA000-memory.dmp

Filesize
1.3MB

Download
memory/1824-115-0x0000000000400000-0x00000000008F6000-memory.dmp

Filesize
5.0MB

Download