Overview

overview

10

Static

static

chibyke03.exe

windows7_x64

10

chibyke03.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d9a2df6be446befa12555298a0e52c7b5e2cd13f5565873bd5caab1dbaf6cde4

  • Size

    698KB

  • Sample

    220503-sb7ahscbgr

  • MD5

    f6fa3500a9c5fc87eaf959d35b2d53d2

  • SHA1

    63ed1f8e7fb57ae1f288618c4c4fd49a8c0263c9

  • SHA256

    d9a2df6be446befa12555298a0e52c7b5e2cd13f5565873bd5caab1dbaf6cde4

  • SHA512

    91baa922563d6e2e8e4f930da5a8f1e17ca26e8d7aa350ea7af6dbf397b3dc92e43f902c160b8acd3381cc88f0af98bca3fd23c8de8a646ef39504178942d51c

Score
10/10
massloggercollectionspywarestealer

Malware Config

Targets

    • Target

      chibyke03.exe

    • Size

      1.0MB

    • MD5

      d9d969b4d51b61c1f2e62305fcb8ba1b

    • SHA1

      f98d039477e9c5f531a7f809dc7686e69ed5aff1

    • SHA256

      8e351736ae4bff938f1b59b396f039a6a281c4b8401f918f6b7b52b5c574d330

    • SHA512

      95f7b868951e3bc9867478df083b2fb43807ef053dcee05c6bd3e3d78d466b885309a7c2a5b65bfc8b41bef35ec89fa01edeead4f7cf63b82103677812cfa912

    Score
    10/10
    massloggercollectionspywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks