masslogger | cafdb96c01c40316073dcd570dd863c2962d593b087275d0b493608f1d8ca20c | Triage

Sharing

General

Target

cafdb96c01c40316073dcd570dd863c2962d593b087275d0b493608f1d8ca20c
Size

566KB
MD5

77d0eae3d4be21ec4b5b10b734c2db32
SHA1

8cb36307305a97ccacf6c7e47f946ea28e843862
SHA256

cafdb96c01c40316073dcd570dd863c2962d593b087275d0b493608f1d8ca20c
SHA512

d9cd4da6b859cc5bca501143db7c138f6134c1d585b7751fcfb7fc782f1860cc28814015629776be137487b0b91c2ffecb48b7d1c3e1454ef57c11e1d4ea7d73
SSDEEP

12288:nWLNwqUcPBQf+kYLco3Ofw09MwvvGeSO3vSKZP39GhAKh:ahPBk+VYo+fjCwv4O3vSYP39mFh

Score

10^/10

masslogger

Malware Config

Signatures

MassLogger Main Payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/QUOTE-FILE476544567493478.pdf.exe	family_masslogger

Masslogger family
masslogger

Files

cafdb96c01c40316073dcd570dd863c2962d593b087275d0b493608f1d8ca20c
.zip
QUOTE-FILE476544567493478.pdf.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ