General

  • Target

    cd9c107fc110c01dd0b975d304d40ca4ef4f633db6eac648fa9fe4989a27c593

  • Size

    943KB

  • Sample

    220502-svb9gsgba8

  • MD5

    6300d2ada99f337d871dfdb444a71cc1

  • SHA1

    18c145490cb9ea467be6ef24fc3c2b10b8c896ca

  • SHA256

    cd9c107fc110c01dd0b975d304d40ca4ef4f633db6eac648fa9fe4989a27c593

  • SHA512

    02d53e82dae431832ec71b02ebfbb7fe9081bb5c1587d58c4959c259ea5d6614528a62bbb978d09ea4493a7cf67fc98234cd4fbdb791267851836a6032a342f1

Malware Config

Targets

    • Target

      ORDER#5943210011-pdf.exe

    • Size

      1002KB

    • MD5

      735a97ee9c50105ba201c0940c200d40

    • SHA1

      eed3db839d8273f3b3fd294b93bd70239c6b0e74

    • SHA256

      2ab05797cf729e2a8c82cdfee67089f8378297c3b21379d11465207e681f2d1e

    • SHA512

      af9482c5ed2b34d52abedccab31d766f4b669ce53b9f3b3458f4fb7e7f916a20ebcd12dd198ff5bc340ade447c318bdd9cee8fadacdbf6b43b686bcecbb869e6

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks