onlylogger | 7b6ebb8c45b9da5e1253fcd5dbcf770726caaf901240fa9b632156df21795c1a | Triage

Analysis

max time kernel
13s
max time network
135s
platform
windows10_x64
resource
win10v20210408
submitted
15-08-2021 17:50

Sharing

Report Analysis Logs

General

Target

mixazed_20210815-193857.exe
Size

200KB
MD5

db4a99a2222cd4ff1e38cb7a167e6782
SHA1

ac220091ee274e285a84f465797cf0de426c2c95
SHA256

7b6ebb8c45b9da5e1253fcd5dbcf770726caaf901240fa9b632156df21795c1a
SHA512

517813d41ce1530e8aacc85364fc5aa5c5167caff36de107b3e9537cb59fecc11e93f2342139578bf9c94c28c96c3e0c4797c47d0cfd8188632b2d9581bcfbe6

Score

10^/10

onlylogger loader

Malware Config

Signatures

OnlyLogger
A tiny loader that uses IPLogger to get its payload.
loader onlylogger

OnlyLogger Payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3128-115-0x0000000000400000-0x0000000002CBF000-memory.dmp	family_onlylogger

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

C:\Users\Admin\AppData\Local\Temp\mixazed_20210815-193857.exe
"C:\Users\Admin\AppData\Local\Temp\mixazed_20210815-193857.exe"
1⤵
PID:3128

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3128-114-0x0000000002CC0000-0x0000000002E0A000-memory.dmp

Filesize
1.3MB

Download
memory/3128-115-0x0000000000400000-0x0000000002CBF000-memory.dmp

Filesize
40.7MB

Download