Analysis

  • max time kernel
    13s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    15-08-2021 17:50

General

  • Target

    mixazed_20210815-193857.exe

  • Size

    200KB

  • Sample

    210815-41ga9lcj7s

  • MD5

    db4a99a2222cd4ff1e38cb7a167e6782

  • SHA1

    ac220091ee274e285a84f465797cf0de426c2c95

  • SHA256

    7b6ebb8c45b9da5e1253fcd5dbcf770726caaf901240fa9b632156df21795c1a

  • SHA512

    517813d41ce1530e8aacc85364fc5aa5c5167caff36de107b3e9537cb59fecc11e93f2342139578bf9c94c28c96c3e0c4797c47d0cfd8188632b2d9581bcfbe6

Score
10/10

Malware Config

Signatures 3

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

  • OnlyLogger Payload ⋅ 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 ⋅ 1 TTPs

Processes 1

  • C:\Users\Admin\AppData\Local\Temp\mixazed_20210815-193857.exe
    "C:\Users\Admin\AppData\Local\Temp\mixazed_20210815-193857.exe"
    PID:3128

Network

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation

                        Replay Monitor

                        00:00 00:00

                        Downloads

                        • memory/3128-114-0x0000000002CC0000-0x0000000002E0A000-memory.dmp
                        • memory/3128-115-0x0000000000400000-0x0000000002CBF000-memory.dmp