masslogger | e70ecdaf88aed4cda8550cb3a231b422856e32eba95e32ab55dbebad0884d660 | Triage

Submit
Reports

Overview

overview

Static

static

hesapharek...df.exe

windows7_x64

hesapharek...df.exe

windows10-2004_x64

Sharing

General

Target

e70ecdaf88aed4cda8550cb3a231b422856e32eba95e32ab55dbebad0884d660
Size

558KB
Sample

220521-b549ksgbck
MD5

04128a4e07d4731a68cc32b8ab729846
SHA1

f66edb7c47106a36692e6cb050f08f74e59840ee
SHA256

e70ecdaf88aed4cda8550cb3a231b422856e32eba95e32ab55dbebad0884d660
SHA512

64d6e866b851bff9ce8fdd6a6326f6c1c5fd9f42e3a091fda367d92898167e1f5485bbfe167ee8112ddba8444c0c708979fe6086b11cd317fad22f448d0f418b

Score

10^/10

masslogger persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

hesaphareketi000,pdf.exe

Resource

win7-20220414-en

masslogger persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

hesaphareketi000,pdf.exe

Resource

win10v2004-20220414-en

masslogger persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  hesaphareketi000,pdf.exe
- Size
  
  1.4MB
- MD5
  
  3212098204ac1cdaf6124a4613a48b39
- SHA1
  
  cf2bd91ae275ea715c62f9485485c36180c4a497
- SHA256
  
  7760fb6e2ea4f75a5248d6f670aa32bd991a2dd77c7e7d6b95b53a67d3654d02
- SHA512
  
  202886701e3b6e96026a12ec8ffbd18e7b3a7ebbacc6823bd88c2fe18a27f3069f1e0bfd85fe306cab25306176be3f012008cb2af4a4686bb74846698bb57bc0
Score

10^/10

masslogger persistence spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggerpersistencespywarestealer

behavioral2

massloggerpersistencespywarestealer

© 2018-2024

Terms | Privacy