masslogger | cafdb96c01c40316073dcd570dd863c2962d593b087275d0b493608f1d8ca20c | Triage

Submit
Reports

Overview

overview

Static

static

QUOTE-FILE...df.exe

windows7_x64

QUOTE-FILE...df.exe

windows10-2004_x64

Sharing

General

Target

cafdb96c01c40316073dcd570dd863c2962d593b087275d0b493608f1d8ca20c
Size

566KB
Sample

220520-2qbxlaaggk
MD5

77d0eae3d4be21ec4b5b10b734c2db32
SHA1

8cb36307305a97ccacf6c7e47f946ea28e843862
SHA256

cafdb96c01c40316073dcd570dd863c2962d593b087275d0b493608f1d8ca20c
SHA512

d9cd4da6b859cc5bca501143db7c138f6134c1d585b7751fcfb7fc782f1860cc28814015629776be137487b0b91c2ffecb48b7d1c3e1454ef57c11e1d4ea7d73

Score

10^/10

masslogger persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

QUOTE-FILE476544567493478.pdf.exe

Resource

win7-20220414-en

masslogger persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QUOTE-FILE476544567493478.pdf.exe

Resource

win10v2004-20220414-en

masslogger persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  QUOTE-FILE476544567493478.pdf.exe
- Size
  
  1.4MB
- MD5
  
  dae94a89e0be7fb5eeab946b07ddc57a
- SHA1
  
  be4e5889e429eaa15acc685864fbf64dd677a903
- SHA256
  
  9827d07eba83763e229dfa24ce8c14e3751b216bba993a299f333a429b08232f
- SHA512
  
  dadb69ee9bc230e29a0f6c96e675cb8f2bdf06ce6475959352f04515901caa412869be2ac89d780361d7e372819181cff0d24dffc70dd27be12c76ee691199dd
Score

10^/10

masslogger persistence spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggerpersistencespywarestealer

behavioral2

massloggerpersistencespywarestealer

© 2018-2024

Terms | Privacy