General

  • Target

    51e81606c83a45f377f02d4c4f9446c116fe953533ef659c57a716309167c160

  • Size

    608KB

  • Sample

    220417-sdtgfabdh5

  • MD5

    489283c77ffe843269db093979f25405

  • SHA1

    dc6947055287fe6cd1f42677b32c343ea26d5201

  • SHA256

    51e81606c83a45f377f02d4c4f9446c116fe953533ef659c57a716309167c160

  • SHA512

    c28013668fe77dd87c601791076eaeebdea18a778df36c28cd2de4fc04aa460accd07240cfd6bd1a5561007257a879edea48083610047dbb2a9b2dc0a212810e

Targets

    • Target

      file879746364.exe

    • Size

      2.1MB

    • MD5

      3b10a8c40bbd06a720888edd35867216

    • SHA1

      5bf555357cdcb51ae1906008195c548bfe89f0c1

    • SHA256

      bf3bde5fc3f11ee8c3f354e4180c39bcc5734939cbd2a611d5fcd81e2b5f6fd8

    • SHA512

      2b7cee646476318507819d53594e048f557f4b385da46080bea096277157151492b3c7f67d009ad7f87e1b4df817f5ec07eefe38e27d24be61e264c6152f29c4

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
