General

  • Target

    28c730bd1c67c68555acc37b3eea559a341a18c6b22381ad5dc7ac8a4748efab

  • Size

    1.0MB

  • Sample

    220521-a38csabcb6

  • MD5

    ad50c12c7353dbf6ca6d09d9056e919b

  • SHA1

    8eb3556a22d1399be118952815a5f5665e658a1e

  • SHA256

    28c730bd1c67c68555acc37b3eea559a341a18c6b22381ad5dc7ac8a4748efab

  • SHA512

    13c9cfca762f074b222fb1da6d9b2695c29959ec56c2b01889d9d44bf7bdcd8ce789bd00460b6ab497553b71a2cb28a76d4d510efcad2ec6ea3406ceb99ee35b

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.5.0 #################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
OS: Microsoft Windows 7 Ultimate 64bit
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 3:06:20 AM
MassLogger Started: 5/21/2022 3:06:08 AM
Interval: 2 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\HSBC SWIFT 15072020_39458727759233665_PDF.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    whayasaynewnew

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.5.0 #################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
OS: Microsoft Windows 10 Pro64bit
CPU: Intel Core Processor (Broadwell)
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 3:06:24 AM
MassLogger Started: 5/21/2022 3:06:19 AM
Interval: 2 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\HSBC SWIFT 15072020_39458727759233665_PDF.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:

Targets

    • Target

      HSBC SWIFT 15072020_39458727759233665_PDF.exe

    • Size

      986KB

    • MD5

      b007c573d0a6e812ef0f6cae5257313e

    • SHA1

      00219a6275e0c00d40d16c0300198da565c1fb28

    • SHA256

      3361c4a361d30a3eba1ad9e92cbc72a7794882a99a88b994371eae262faca387

    • SHA512

      585e8a30e3124ad18593d2d048818297b50737dc9b53ff5d6b548f17555ba73e5f4bdba12a6711d205b070f8751021c9b1a6f2adc74e2912682ec794812e11a2

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
