Analysis Overview
SHA256
7b6ebb8c45b9da5e1253fcd5dbcf770726caaf901240fa9b632156df21795c1a
Threat Level: Known bad
The file mixazed_20210815-193857 was found to be: Known bad.
Malicious Activity Summary
OnlyLogger
OnlyLogger Payload
Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2021-12-02 15:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2021-08-15 17:50
Reported
2021-08-15 17:53
Platform
win7v20210410
Max time kernel
6s
Max time network
36s
Command Line
Signatures
OnlyLogger
OnlyLogger Payload
Legitimate hosting services abused for malware hosting/C2
Processes
C:\Users\Admin\AppData\Local\Temp\mixazed_20210815-193857.exe
"C:\Users\Admin\AppData\Local\Temp\mixazed_20210815-193857.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | iplogger.org | udp |
| DE | 88.99.66.31:80 | iplogger.org | tcp |
| DE | 88.99.66.31:443 | iplogger.org | tcp |
Files
memory/2028-60-0x0000000000220000-0x0000000000236000-memory.dmp
memory/2028-61-0x0000000000400000-0x0000000002CBF000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2021-08-15 17:50
Reported
2021-08-15 17:52
Platform
win10v20210408
Max time kernel
13s
Max time network
135s
Command Line
Signatures
OnlyLogger
OnlyLogger Payload
Legitimate hosting services abused for malware hosting/C2
Processes
C:\Users\Admin\AppData\Local\Temp\mixazed_20210815-193857.exe
"C:\Users\Admin\AppData\Local\Temp\mixazed_20210815-193857.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | iplogger.org | udp |
| DE | 88.99.66.31:80 | iplogger.org | tcp |
| DE | 88.99.66.31:443 | iplogger.org | tcp |
Files
memory/3128-114-0x0000000002CC0000-0x0000000002E0A000-memory.dmp
memory/3128-115-0x0000000000400000-0x0000000002CBF000-memory.dmp