masslogger | 787b5673df899d1c39ec1a125f163573683ad8496ef64e9947729ab3853028ec | Triage

Sharing

General

Target

787b5673df899d1c39ec1a125f163573683ad8496ef64e9947729ab3853028ec
Size

568KB
MD5

686a8dbfbf497f4a5fb7b84dab792eb2
SHA1

0f0a755d1afd24e6db89d6a674d351e4dab56389
SHA256

787b5673df899d1c39ec1a125f163573683ad8496ef64e9947729ab3853028ec
SHA512

e60739a56dc7f2d6b2a63093cb650d74c45eaba4423c00f17ccf6d04c24e110b18168a391d780b7361426237f3238b50c4b5b8bd875621b4bbb65d3be009280c
SSDEEP

12288:bcqQdRrwU0ddoDeV9/3YZgOSOKjiOm7mPoT2R108sAsT:gENdd9/3Yd0jipk1+T

Score

10^/10

masslogger

Malware Config

Signatures

MassLogger Main Payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/NEW ORDER INQUIRY.exe	family_masslogger

Masslogger family
masslogger

Files

787b5673df899d1c39ec1a125f163573683ad8496ef64e9947729ab3853028ec
.zip
NEW ORDER INQUIRY.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ