Overview

overview

10

Static

static

E-Posta Bi...df.exe

windows7_x64

9

E-Posta Bi...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e6257951c22e3a84dc43ca8c4c1662ee6dbea213ddedf332a381d6324dd2bb5

  • Size

    1.7MB

  • Sample

    220521-btvwrscea9

  • MD5

    f64876e51dbcceb156cb000aeb6fae87

  • SHA1

    655611cc5ce08bde6c47e7a502df9b02f2f43c18

  • SHA256

    5e6257951c22e3a84dc43ca8c4c1662ee6dbea213ddedf332a381d6324dd2bb5

  • SHA512

    c88c62efb9c175db1a4bc373aced8ea06ef7418d0b312a493b092a5b287f3815668955352d82a8987d46c9fcbc6cf0e52752e6ce2d343ad6a53e4ac8c9bc733a

Score
10/10
massloggercollectionrezer0spywarestealerupx

Malware Config

Targets

    • Target

      E-Posta Bildirimi pdf.exe

    • Size

      1.8MB

    • MD5

      844c618571ec3391014ae741256c55b4

    • SHA1

      8f8bdc69c3f9b7e254a92acedf804bd28f1fba9d

    • SHA256

      8a56ba9e9d571e7e4d1998b8f5771afccc88bbcdccfbe5f10fc8fe337f789215

    • SHA512

      e830955dd198e02e452f4d68c67e20c5f616c6fe6e94790e8400844318ca507b08606109ce74564f4fa9797212ddbd4ef1c7d0d54480085d499b7343f28075b2

    Score
    10/10
    rezer0upxmassloggercollectionspywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks