Overview

overview

10

Static

static

Payment-Slip.exe

windows7_x64

10

Payment-Slip.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4102f72a2cb12da9f7cf539116f1922a6d2903440ec0f37ffe6bb03e784e6d29

  • Size

    672KB

  • Sample

    220521-pmesvsffb3

  • MD5

    6aaef0bdee19338b30634fc9ce7af6f5

  • SHA1

    4d817277f46b615bd047aaa8f4538e4bed66c5a4

  • SHA256

    4102f72a2cb12da9f7cf539116f1922a6d2903440ec0f37ffe6bb03e784e6d29

  • SHA512

    3c0e4a23a31245908c23e906ec53b658af4bcdbd2736179df6675291e3b0023c675628abf96a5f5fa0ebea86c3a995554a6b288b84365009d9ad70d1f2b1bea5

Score
10/10
massloggercollectionspywarestealer

Malware Config

Targets

    • Target

      Payment-Slip.exe

    • Size

      736KB

    • MD5

      807cdf0fcf81b3a1543af2c2e35936dc

    • SHA1

      2b30620e6a457368da61cdf0ea03c2aa00334c89

    • SHA256

      1f1fd376897aa8454ec652f9927eecb50a0993a13aed6f6beb656c865291d565

    • SHA512

      79035da50e11b459c0023aa7048587ae82f7e3d9e156d8bcb1b9cb76ceec8d70a58b8971705c33adf42a7c45c804ff69c54b467dcef570d1455cc3ae9da0358b

    Score
    10/10
    massloggercollectionspywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks