Overview

overview

10

Static

static

Hesap hare...iz.exe

windows7_x64

10

Hesap hare...iz.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b7eb8b4b865a8d4a7fbfc54aee13159659e8354f49c8b2bec56e139bd80209e

  • Size

    831KB

  • Sample

    220520-rv76gsgeb8

  • MD5

    401e372618734c27e3121d32dac2a3a9

  • SHA1

    31bca33fdb80fe455c8f22ecf847526954fbf959

  • SHA256

    7b7eb8b4b865a8d4a7fbfc54aee13159659e8354f49c8b2bec56e139bd80209e

  • SHA512

    33caa3bdde67998a571b2e6f68b4b3785307cbf3669a8e8ab54581e40b2d3e213ad02174e110d80a8bf0f6bdbc7478d36f496676a6e7e3a2c2bd41fbe9ce88ae

Score
10/10
massloggercollectionransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.2.0.0 ||> User Name: Admin IP: 127.0.0.1 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 5:43:28 PM MassLogger Started: 5/20/2022 5:43:02 PM Interval: 1 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Hesap hareketleriniz.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| USB Spread ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Killed : 0 malware <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> NA

Targets

    • Target

      Hesap hareketleriniz.exe

    • Size

      1.2MB

    • MD5

      a11cb2b444cb1a165e23fc97fe1304cb

    • SHA1

      65dbfdd4da931bd749f99b5a3c766baa61012e6c

    • SHA256

      0329eea7ab274894de8d7f91105cdea35e86e45e73c9c4411c5fae7cd564832c

    • SHA512

      3f217cac3d11bf3c4ef5e5df824ee0fe25b7f20b549e16c046211cc16914c51480397b1923db65cbe03beeec2e56c55a57602dc1fb05f79bbb021a0107621bd1

    Score
    10/10
    massloggercollectionransomwarespywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks