Overview

overview

10

Static

static

SWIFT_3003...44.exe

windows7_x64

10

SWIFT_3003...44.exe

windows10-2004_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4081806d16bb4b192d516927bd81c7b009a8e0af91d3010dbf93c28940d83235

  • Size

    921KB

  • Sample

    220520-3c79bagfe5

  • MD5

    1df43385fac081709498b84fef18ccc7

  • SHA1

    d045b9eb72154c3494e0212e8de0c4224dbe6edd

  • SHA256

    4081806d16bb4b192d516927bd81c7b009a8e0af91d3010dbf93c28940d83235

  • SHA512

    e3a97f8be9c1f5cf0eb45b833df17ae33483c73f3a8ba7005f24598d911830f0bb7ae9bc77c05a2732708caea70cc5966f38536fe1e4770c9ef8f6d42ca17997

Score
10/10
massloggercollectionransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.2.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 1:26:36 AM MassLogger Started: 5/21/2022 1:26:23 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\SWIFT_30032131300221547_0029938344.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| USB Spread ||> Disabled <|| Downloader ||> Disabled <|| Bot Killer ||> Disabled <|| Window Searcher ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Targets

    • Target

      SWIFT_30032131300221547_0029938344.exe

    • Size

      1021KB

    • MD5

      224dfa794a92c3129e790f211bc1fe37

    • SHA1

      735ea8cd7357f40216da74736e65a0159b4c7fd7

    • SHA256

      a05377124fe9f9a262ddb1b58d2eac7556299ec686bf5c2f005bd4792131a3c8

    • SHA512

      49fe47f66fb4a21c2d21f9161462968181984213deef7c759fec6bc6852bca05f8fa6a92c02bf5437732eb4db1c63ad2bd4320ff631faff6678a56d74414fc39

    Score
    10/10
    massloggercollectionransomwarespywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks