General

  • Target: 3876a26f12c421029582584630654343a61b849df2ad186c46aa5088e57ad919
  • Size: 183KB
  • Sample: 220521-ncmv2sgegp
  • MD5: 6e8c359ef1c706c4af9271ad31244012
  • SHA1: 879968e5c54e8721c3d03431a2a59c79765bcec8
  • SHA256: 3876a26f12c421029582584630654343a61b849df2ad186c46aa5088e57ad919
  • SHA512: e368a902423a462064cfd6df3fe2b33b812f032b35170c3146b64c7b35d5f94d26dd17e61a2d81195e652b17ada57512d29a730bb027a5f71c03885edd24f4f2

Malware Config

Targets

    • Target: New Inquiry.pif
    • Size: 236KB
    • MD5: 45ec5d63516319155ce9d9b40dde3700
    • SHA1: 43fe9b80034ce048054f1f44ccc5a9bc5a8693c2
    • SHA256: b0ffdd919be61a2c5329c7321a3beb4bbbd0a9a2d413e6a11d7f6803c662d04d
    • SHA512: 037ed8a7a199420f3934afb42bdd908afc2c5b152bfd8bd4cb6b95b1192ffcf6aa6d333958cd536f7b3fb4b6021c37b606f45e5205ea9f136e6104c88230c843

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger Payload

      Detects M00nD3v Logger payload in memory.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks