Overview

overview

10

Static

static

Company profile.exe

windows7_x64

10

Company profile.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee6e83dfe95c0dad3b4b307c81e5e590e455e49dca6858a34e274e88e079944f

  • Size

    670KB

  • Sample

    220521-xj791abhd7

  • MD5

    95d9f2c6843b9cc5171cffa241a1144c

  • SHA1

    498d69e15743f7d4d71b0270b12f7d50aae69050

  • SHA256

    ee6e83dfe95c0dad3b4b307c81e5e590e455e49dca6858a34e274e88e079944f

  • SHA512

    5b1d48adc2a0e75b17fe9fe13d93257620c7598455977c95ffb3b2146f2af7f5715242209c0bde8b1abf629731e61a236cea8621ad9d614dd6bf7d6075b75e2a

Score
10/10
massloggercollectionspywarestealer

Malware Config

Targets

    • Target

      Company profile.exe

    • Size

      716KB

    • MD5

      16f704634dd7855cf929214dfaeaa9e8

    • SHA1

      e7af55b75a431c30265b7a63162611c44cfef296

    • SHA256

      e4e29eef439bf36287f9dc660155697cc2d227fbccd34d95a8b59c5451ba5287

    • SHA512

      8472440832759e87529151606aecc9cf4696f51c32cf4b9d6b338283bc6c937b0755dd945faa73baf36df1786030042a97883178f0d50db1fa57d160b12761a9

    Score
    10/10
    massloggercollectionspywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks