masslogger | 4421b611912f893aa288864ee328deda8e429b89716fae08912bee2d8885f419 | Triage

Submit
Reports

Overview

overview

Static

static

readerdc64...ll.exe

windows10-2004_x64

Sharing

General

Target

readerdc64_es_xa_crd_sec_install.exe
Size

1.2MB
Sample

220512-qsfssafcf8
MD5

109ac5b1c71e338a891eea8f45525613
SHA1

930c205a0627f99b0adf3b33ca480370ec7034f0
SHA256

4421b611912f893aa288864ee328deda8e429b89716fae08912bee2d8885f419
SHA512

f21c09b6be338e8fa323db65fcad5be026a70f943331d494f40b07d556682fbf058640035f52dfe267c67cc5f4fa890a7dec3674c83e44a65904fc403e8f1730

Score

10^/10

masslogger persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

readerdc64_es_xa_crd_sec_install.exe

Resource

win10v2004-20220414-en

masslogger persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  readerdc64_es_xa_crd_sec_install.exe
- Size
  
  1.2MB
- MD5
  
  109ac5b1c71e338a891eea8f45525613
- SHA1
  
  930c205a0627f99b0adf3b33ca480370ec7034f0
- SHA256
  
  4421b611912f893aa288864ee328deda8e429b89716fae08912bee2d8885f419
- SHA512
  
  f21c09b6be338e8fa323db65fcad5be026a70f943331d494f40b07d556682fbf058640035f52dfe267c67cc5f4fa890a7dec3674c83e44a65904fc403e8f1730
Score

10^/10

masslogger persistence spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- Registers COM server for autorun
  persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Vidar log file
  Detects a log file produced by Vidar.
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggerpersistencespywarestealer

© 2018-2024

Terms | Privacy