masslogger | 7cfbde8e87809e872fa1dc3d178d4644cf19e921534c746c05ada8a7bc573d17 | Triage

Submit
Reports

Overview

overview

Static

static

Ziraat Ban...ji.exe

windows7_x64

Ziraat Ban...ji.exe

windows10-2004_x64

Sharing

General

Target

7cfbde8e87809e872fa1dc3d178d4644cf19e921534c746c05ada8a7bc573d17
Size

480KB
Sample

220521-akdepaadb2
MD5

5fb92ca8d14f90f4fec0016841ea1bc4
SHA1

6cb52a7a836ecfee7698b6f2469a3b17e9f2a354
SHA256

7cfbde8e87809e872fa1dc3d178d4644cf19e921534c746c05ada8a7bc573d17
SHA512

3e67079eb7322f5430c1f43fbb09c3916243defad4c9f8068da5d77bc6732e59ff261ad4bd0b750d23e0a90d639d19077f3d17821d1d9f3ba7d1f0eeb7c1f7e2

Score

10^/10

masslogger persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Ziraat Bankasi Swift Messaji.exe

Resource

win7-20220414-en

masslogger persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Ziraat Bankasi Swift Messaji.exe

Resource

win10v2004-20220414-en

masslogger persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Ziraat Bankasi Swift Messaji.exe
- Size
  
  1.3MB
- MD5
  
  7ba9c730b33fd37be0eec329aabeb6a0
- SHA1
  
  eabc80e887de547dc8dd16d4d0a515df48f30791
- SHA256
  
  30dac0d69e366db4ce57a0935d5619e4bcebfcbaa9f14b7618970cc2aaa522f4
- SHA512
  
  a8ac548c69d3698c87a18291577e6ddc3912c6009878382c3b1bc83cd3ad2b96f39cd60f797a60ae75bb992c413dc35a6f2a4fb844640a621cf88d75a93381fc
Score

10^/10

masslogger persistence spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggerpersistencespywarestealer

behavioral2

massloggerpersistencespywarestealer

© 2018-2024

Terms | Privacy