General

  • Target

    f734b264951f521126bf41300a7ebdbf009b23629d2068e3b608239f2576f36f

  • Size

    1.3MB

  • Sample

    220419-q4e1mabaeq

  • MD5

    2abb66d56150d6b48f1e527a4460f807

  • SHA1

    c5d4692ac4aaa7a0d7ec321f542363686736238d

  • SHA256

    f734b264951f521126bf41300a7ebdbf009b23629d2068e3b608239f2576f36f

  • SHA512

    55127eee5017b040976d75c3517bbd00ac924d6fbf3b6c2bbcb8bcb07db665b1d75ba92d40b23e9b2edf72e35ba7e358c6021c89611079f39a0eef2437b40a74

Malware Config

Targets

    • Target

      RFQ_00987652_20127.exe

    • Size

      1.7MB

    • MD5

      710708156fd1fa5976a8cb4f56af5d29

    • SHA1

      cae88c79966a8f5ca65f252761eb8891f3ad1e8b

    • SHA256

      c3fc15b30bc7d5eac9d29aee10d6f1362ec0ab007d2b06c0e5fa40eb8da63ae0

    • SHA512

      d4b41a0471837270337dafb01343077faeeebcba2a3c390cd6f340b8621ff48f6fc0719c4c785392fbffc4590863c9fcffcdcd788b765cbdca3f257cf4a0614b

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
