Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
20-05-2022 13:24
General
-
Target
Company Profile.exe
-
Size
2.1MB
-
MD5
c29a529830426b09db4a2e8fabea26d7
-
SHA1
e533dad57fd624eacc2627afa7d55ca728142e11
-
SHA256
796be4e7eb4f284e2d1747b4bd8b7b5479a15b00b14c857ac27e40411d6415c8
-
SHA512
308fd89df7ff1b61b0ec72eb2f108ec5ade4b3886e6258634f9a6237deffaec0e521deac8390fad1438933a42c03d5d4a3819ff817f5d30d12c029d16881c07a
Malware Config
Signatures
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload 60 IoCs
-
MassLogger log file 2 IoCs
Detects a log file produced by MassLogger.
-
Accesses Microsoft Outlook profiles 1 TTPs 21 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v4.0.30319\\\\MSBuild.exe"2⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v4.0.30319\\\\MSBuild.exe"2⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- outlook_office_path
- outlook_win_path
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
664KB
-
Filesize
664KB
-
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
272KB
-
Filesize
8KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
-
Filesize
664KB
-
Filesize
272KB