Overview

overview

10

Static

static

NwZDUeq0TcagOm6.exe

windows7_x64

10

NwZDUeq0TcagOm6.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a056ff7f44011d37e283386896ec9a88caed230db51a860e7d31de7cff75f56b

  • Size

    996KB

  • Sample

    220502-smsaqsacfr

  • MD5

    f24d17da798e401f09a73fe1763d8417

  • SHA1

    0a6b1c5c922d0056df79be198185075904cf66a2

  • SHA256

    a056ff7f44011d37e283386896ec9a88caed230db51a860e7d31de7cff75f56b

  • SHA512

    85e92923e579439bfcf74840acde4736f0dd43fb0a57f40fc56f2fd75ddefea0dae78d900c7437a1adff8d23a49e5e0c4d4d9abf5108b888b081ba143dbfc374

Score
10/10
massloggercollectionspywarestealer

Malware Config

Targets

    • Target

      NwZDUeq0TcagOm6.exe

    • Size

      1.1MB

    • MD5

      d9568b84f342440c935b9cc0eaf9cd4f

    • SHA1

      b4940e3ec8002bac5e4211152c1cbf7ce354e078

    • SHA256

      d58538fee18c00f55def8bcaee383bc186440ddd55cb24ab8840cab62183e2ab

    • SHA512

      297f241ed9671c8e745f20e6199b2d1b1bd952f2c379d8c0cd3e026d0647fea7ef58f99e968284ac699107180ee5d566aec620bf2ed18870cf19cbd72d698541

    Score
    10/10
    massloggercollectionspywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks