masslogger | 70b7e90d998239e628bb364f5d9d625d53a82318103b3da59810af74681f277c | Triage

Submit
Reports

Overview

overview

Static

static

5

Urgent req...on.exe

windows7_x64

Urgent req...on.exe

windows10-2004_x64

Sharing

General

Target

70b7e90d998239e628bb364f5d9d625d53a82318103b3da59810af74681f277c
Size

2.8MB
Sample

220520-qnslsadfh3
MD5

12f1a1ccaffeb9eed4955c2abd7c9d7e
SHA1

79966154677508805f09254b7cb2403861ffb6c7
SHA256

70b7e90d998239e628bb364f5d9d625d53a82318103b3da59810af74681f277c
SHA512

c22f28b7f74dcc3b791c82ce1134c354273af2fd2be65ad782d0cd4b7279a5efd708d3a6052468498afd20de9884b3a521c5b25b37c1c8d47c9529873cacef97

Score

10^/10

masslogger collection spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Urgent request for Quotation.exe

Resource

win7-20220414-en

masslogger collection spyware stealer upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Urgent request for Quotation.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
webmail.argo.com.br
Port:
587
Username:
[email protected]
Password:
argo2019xa

Targets

- Target
  
  Urgent request for Quotation.exe
- Size
  
  3.3MB
- MD5
  
  62a7d430071026ab9826285d60354082
- SHA1
  
  fc028f6a25a1acd1f0741669bd257fa65aa87cdb
- SHA256
  
  d149c44a5c8f9d0589498409795b1e37bc9caf8bd3a41b50b0ab97a80ba096b7
- SHA512
  
  8611907c264600b72d2f517b396006d99869be932e3303af4aaa45e3e580348bbc6778baadfea2f3729dd0d5690a74988f5bac840f1f502b1cb801a6c8ab7f88
Score

10^/10

masslogger collection spyware stealer upx
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealerupx

behavioral2

massloggercollectionspywarestealerupx

© 2018-2024

Terms | Privacy