onlylogger | 7b6ebb8c45b9da5e1253fcd5dbcf770726caaf901240fa9b632156df21795c1a | Triage

Analysis

max time kernel
13s
max time network
135s
platform
windows10_x64
resource
win10v20210408
submitted
15-08-2021 17:50

Sharing

Report Analysis Logs

General

Target

mixazed_20210815-193857.exe
Size

200KB
MD5

db4a99a2222cd4ff1e38cb7a167e6782
SHA1

ac220091ee274e285a84f465797cf0de426c2c95
SHA256

7b6ebb8c45b9da5e1253fcd5dbcf770726caaf901240fa9b632156df21795c1a
SHA512

517813d41ce1530e8aacc85364fc5aa5c5167caff36de107b3e9537cb59fecc11e93f2342139578bf9c94c28c96c3e0c4797c47d0cfd8188632b2d9581bcfbe6

Score

10^/10

onlylogger loader

Malware Config

Signatures

OnlyLogger
A tiny loader that uses IPLogger to get its payload.
loader onlylogger

OnlyLogger Payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3128-115-0x0000000000400000-0x0000000002CBF000-memory.dmp	family_onlylogger

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

C:\Users\Admin\AppData\Local\Temp\mixazed_20210815-193857.exe
"C:\Users\Admin\AppData\Local\Temp\mixazed_20210815-193857.exe"
1⤵
PID:3128

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3128-114-0x0000000002CC0000-0x0000000002E0A000-memory.dmp

Filesize
1.3MB

Download
memory/3128-115-0x0000000000400000-0x0000000002CBF000-memory.dmp

Filesize
40.7MB

Download