masslogger | 99dfff5aea67bbe0ac65e9f104f6fd78d7a285022691d21e1ffa6d9643090604 | Triage

Submit
Reports

Overview

overview

Static

static

5

cv.exe

windows7_x64

cv.exe

windows10-2004_x64

Sharing

General

Target

99dfff5aea67bbe0ac65e9f104f6fd78d7a285022691d21e1ffa6d9643090604
Size

2.7MB
Sample

220520-sftj8ahbb4
MD5

dbed9c750fe523df2b37fa330b504668
SHA1

9a02a2aefbc00a679b9931cbe0862a3b5748fc12
SHA256

99dfff5aea67bbe0ac65e9f104f6fd78d7a285022691d21e1ffa6d9643090604
SHA512

d0142a5ea2783622e3710c8d23f58f08ad26bf137d1ca51e5a54364726280aedc52d9e357d74a811ba69e8ae146a69dcce8c53d5064649da21ca8e620103fce4

Score

10^/10

masslogger collection spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

cv.exe

Resource

win7-20220414-en

masslogger collection spyware stealer upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cv.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.insooryaexpresscargo.com
Port:
587
Username:
[email protected]
Password:
GuG5GK(3m7*Z

Targets

- Target
  
  cv.exe
- Size
  
  3.1MB
- MD5
  
  8e2d91235bb4934329abf1a295046231
- SHA1
  
  98dc2adc20715025daf23d20c6dcdd0cc7de3b02
- SHA256
  
  a500af65cdde463b260205bf423f59e03a3f3ffbff5838af44ad46172d5554b9
- SHA512
  
  d7c81f962356951c0e7e6c4cef226579813340397b2275805597bbc15fc9ff1baf937a3695cf2dd35aa0026981d5a6d1a9e52b32a281770b2536cc1372b4629a
Score

10^/10

masslogger collection spyware stealer upx
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealerupx

behavioral2

massloggercollectionspywarestealerupx

© 2018-2024

Terms | Privacy