General

  • Target

    5d9b42ceeb907502e05847f173c3ecad536035ec1f01febd3b5471f7019bda9b

  • Size

    924KB

  • Sample

    220502-sv3rfagbc9

  • MD5

    ade36208ee56ad2692ca7357bbea2a95

  • SHA1

    15bbbd16cd4ead50a4d715d91b70c02ed260e501

  • SHA256

    5d9b42ceeb907502e05847f173c3ecad536035ec1f01febd3b5471f7019bda9b

  • SHA512

    57e4e0793d0d1bdde195e2ff3862eadd769337b674d6e716fa2fd0a588ec662acd493be6bd5daa30c0c84d09c86b7e2aa53ae205c511be06a6ec045a6fa9d14c

Malware Config

Targets

    • Target

      usd100374=usd37400.exe

    • Size

      1008KB

    • MD5

      b5daea22056dbf2a79b2249c70c5e441

    • SHA1

      70b02bad0015f9f1ef40414577dd2e9413c5d336

    • SHA256

      fce44d4ea50194f48988cd604e3bd7fa580f9d55ebc1c8c1da791c0737133a9f

    • SHA512

      29c1035904f8ff6d3d38bcd1d794dfc758abac98ee327183214c6503189798ed63e7833e8946ea39f2b6af1b8880ad2552a847aed4b00abbc91b6fcd06c42ba8

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
