Overview

overview

10

Static

static

Inquired M...ls.exe

windows7_x64

10

Inquired M...ls.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    126s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 01:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Inquired Materials.exe

  • Size

    2.3MB

  • MD5

    47d3bd28eb5dd0d07bf1550987f443fd

  • SHA1

    f25d43feefd19d187e64f4bf8bfb33589cc0c32a

  • SHA256

    db6d686590ded24cbfc0dfb2be4cd25035d7422c4cf49e6b9bf94469d2573e7d

  • SHA512

    76065edd59cb13198de9d7f668977089d02b4bad286f6067141acbca57a54f8da07bc48b78ee04954e5e5f0f916eb113a0eb212dc13702d5c36f27cbddffebec

Score
10/10
massloggercollectionransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 4:31:43 AM MassLogger Started: 5/21/2022 4:31:36 AM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe As Administrator: True

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Dmacdavid

Signatures

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger
  • MassLogger log file 1 IoCs

    Detects a log file produced by MassLogger.

  • Accesses Microsoft Outlook profiles 1 TTPs 18 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Inquired Materials.exe
    "C:\Users\Admin\AppData\Local\Temp\Inquired Materials.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4920
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • outlook_office_path
      • outlook_win_path
      PID:1008

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1008-165-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-139-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-643-0x0000000008180000-0x000000000821C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/1008-642-0x0000000008090000-0x00000000080E0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1008-134-0x0000000000000000-mapping.dmp

    Download

  • memory/1008-169-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-137-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-167-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-141-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-143-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-145-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-147-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-149-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-151-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-153-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-155-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-157-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-159-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-161-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-163-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-641-0x0000000006560000-0x000000000656A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1008-640-0x0000000006110000-0x0000000006176000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1008-135-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-171-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-173-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-175-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-177-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-179-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-181-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-183-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-185-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-187-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-189-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-191-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-193-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-195-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1008-197-0x0000000000400000-0x0000000000546000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4920-131-0x0000000005D80000-0x0000000006324000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4920-133-0x0000000005CE0000-0x0000000005D24000-memory.dmp

    Filesize

    272KB

    Download

  • memory/4920-130-0x0000000000AE0000-0x0000000000D30000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4920-132-0x0000000005870000-0x0000000005902000-memory.dmp

    Filesize

    584KB

    Download