General

  • Target: 6e9e3820339794ba98309ccfddbd4f251cc935445d6640b5c9b13a0b12129213
  • Size: 697KB
  • Sample: 220521-pkkw4aaffr
  • MD5: 3f955aafb6ff200f76882102f16c59c8
  • SHA1: 1503482ebbbe63005feb5becfabca75fa741f3bf
  • SHA256: 6e9e3820339794ba98309ccfddbd4f251cc935445d6640b5c9b13a0b12129213
  • SHA512: 7c12dc813815104d04c18cf2f5934141bd26b270f92b5496093de2967919781780f76c425ae39a5e8df59418db843cefbc6ee6bffb53e37cb511f070d4ff1133

Malware Config

Targets

    • Target: Payment Copy.exe
    • Size: 764KB
    • MD5: c42d141d2a0104b7b725a26fa811da2f
    • SHA1: e0f42094eaabffd36242cc74bf6da042d7d89dc8
    • SHA256: 77105623676f77a5ecc6c88d65d0c23793969b03b45d4d24dc11ac706552e504
    • SHA512: ce4226c66103ebce5025616c45ad02e4037f9e00636663dc5c3eccc14bc2128d8de063ea5d8e8cd94d5d359fab364eeade003895a2012f121916524519766e05

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks