General

  • Target

    3015ce1d2c48a9edba2b6480828c0184cf40cc0114c148c9d9557b7285ddcd7f

  • Size

    798KB

  • Sample

    220520-2k9xfafee2

  • MD5

    7a4dea175cbc043bdef87c98a10cc7e8

  • SHA1

    979eb59f43f12cc4ced342b40fb796b27f187d48

  • SHA256

    3015ce1d2c48a9edba2b6480828c0184cf40cc0114c148c9d9557b7285ddcd7f

  • SHA512

    cf30aa4fd4d8b029ddfd9c51dd995d9294b1035264107907a1f1ca49bf8d630729bbb7bfe003ea1ee80ecfb4b7351cbb77a1aaa645d27d2c1e2d660c731b97de

Malware Config

Targets

    • Target

      contract document.exe

    • Size

      821KB

    • MD5

      6f3ce8fb3b14b587b32f612292e2ac55

    • SHA1

      b326a29c550dfdad23775ad734c9ca9653078b9f

    • SHA256

      f784d412a56ccd414525c22e6b2e7c9482040e89be20fdb1f2e4db0016812ea7

    • SHA512

      5fb520283e2dd276c7bf36e1cfbf152603379fd8eb8b218ce8412a83ba520380d11c6bea210b01b29af53822a9c618c3ee9d95c0b466f09d30a5fe36450d1f6d

    • MassLogger

      MassLogger is a .NET information stealer that harvests saved passwords from web browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether to run on the host.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
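The report lists four digests each for the submitted file and for the extracted target "contract document.exe". Before acting on these indicators (blocking, hunting, or re-analysing a copy of the sample), an analyst should confirm that the file in hand really matches the report rather than trusting a filename. The following script is an added example, not part of the sandbox's own tooling: it computes all four digests of a local file in a single pass, compares them with the values copied from the report above, and identifies which report entry a file corresponds to by SHA256. File paths passed on the command line are the only assumption.

```python
"""Verify a local file against the hashes listed in a sandbox report.

Added example for this report page (not the sandbox's own code). The
digest values in REPORT_HASHES are copied verbatim from the report; the
paths given on the command line are an assumption about where the sample
and its extracted payload are stored locally.
"""
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests as listed in the report: the submitted file (798KB) and the
# extracted target "contract document.exe" (821KB).
REPORT_HASHES = {
    "submission": {
        "md5": "7a4dea175cbc043bdef87c98a10cc7e8",
        "sha1": "979eb59f43f12cc4ced342b40fb796b27f187d48",
        "sha256": "3015ce1d2c48a9edba2b6480828c0184cf40cc0114c148c9d9557b7285ddcd7f",
        "sha512": "cf30aa4fd4d8b029ddfd9c51dd995d9294b1035264107907a1f1ca49bf8d630729bbb7bfe003ea1ee80ecfb4b7351cbb77a1aaa645d27d2c1e2d660c731b97de",
    },
    "contract document.exe": {
        "md5": "6f3ce8fb3b14b587b32f612292e2ac55",
        "sha1": "b326a29c550dfdad23775ad734c9ca9653078b9f",
        "sha256": "f784d412a56ccd414525c22e6b2e7c9482040e89be20fdb1f2e4db0016812ea7",
        "sha512": "5fb520283e2dd276c7bf36e1cfbf152603379fd8eb8b218ce8412a83ba520380d11c6bea210b01b29af53822a9c618c3ee9d95c0b466f09d30a5fe36450d1f6d",
    },
}


def digest_chunks(chunks):
    """Feed an iterable of byte chunks through all four hashers at once.

    One pass over the data is enough for every algorithm, which matters when
    the sample is large or lives on slow storage."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digest an in-memory byte string (useful for tests and small payloads)."""
    return digest_chunks([data])


def digest_file(path, chunk_size=1 << 20):
    """Digest a file on disk in 1 MiB chunks so it never has to fit in memory."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def verify_digests(actual, expected):
    """Compare computed digests with expected ones, per algorithm.

    Returns {algorithm: bool}. Comparing every algorithm separately means a
    mistyped or truncated hash in a report shows up as a single False instead
    of a silent pass or a confusing all-or-nothing failure."""
    return {
        name: actual[name] == expected[name].strip().lower()
        for name in expected
        if name in actual
    }


def lookup(sha256):
    """Return the report label whose SHA256 matches, or None if no entry does."""
    sha256 = sha256.strip().lower()
    for label, hashes in REPORT_HASHES.items():
        if hashes["sha256"] == sha256:
            return label
    return None


def main(paths):
    for path in paths:
        actual = digest_file(path)
        label = lookup(actual["sha256"])
        print(f"{path}: {label or 'no match in report'}")
        if label:
            for name, ok in verify_digests(actual, REPORT_HASHES[label]).items():
                print(f"  {name}: {'OK' if ok else 'MISMATCH'}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it as `python verify_sample.py <path> [<path> ...]`; a file that matches neither SHA256 is reported as not being the sample or payload described here, and a file that matches on SHA256 but disagrees on another digest points to a transcription error in whichever copy of the indicators you are working from.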

MITRE ATT&CK Enterprise v6

Tasks