Overview

overview

10

Static

static

DHL BILL O...63.exe

windows7_x64

10

DHL BILL O...63.exe

windows10-2004_x64

6

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    31-05-2022 00:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DHL BILL OF LADING 62803217763.exe

  • Size

    736KB

  • MD5

    5577d22b593e5d028b779dd76891acf2

  • SHA1

    c6ab92abb2f50e484aa672f71f5d04093a21cc2b

  • SHA256

    64c4c850be4f8e9a0e12eeeb015c503dd5a2d0f22b8d872678227729bb6db757

  • SHA512

    3376f5c418b824343624ef1a38337f63ad49d03f71330a8419a60befdc5c355a5e8e2e862967ef846b8270832f0c6b9504b6620ea985d102ad7ecee83de84834

Score
10/10
massloggercollectionpersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.2.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/31/2022 3:41:12 AM MassLogger Started: 5/31/2022 3:41:02 AM Interval: 6 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\DHL BILL OF LADING 62803217763.exe As Administrator: True

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Protected@123

Signatures

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger
  • MassLogger Main Payload 32 IoCs
  • MassLogger log file 1 IoCs

    Detects a log file produced by MassLogger.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 15 IoCs
    collection
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DHL BILL OF LADING 62803217763.exe
    "C:\Users\Admin\AppData\Local\Temp\DHL BILL OF LADING 62803217763.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Users\Admin\AppData\Local\Temp\DHL BILL OF LADING 62803217763.exe
      "C:\Users\Admin\AppData\Local\Temp\DHL BILL OF LADING 62803217763.exe"
      2⤵
      • Checks computer location settings
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • outlook_office_path
      • outlook_win_path
      PID:668

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/316-54-0x0000000000800000-0x00000000008BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/316-55-0x0000000072D10000-0x000000007409F000-memory.dmp

    Filesize

    19.6MB

    Download

  • memory/316-56-0x0000000074970000-0x0000000074B04000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/316-57-0x00000000769D1000-0x00000000769D3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/316-58-0x00000000003A0000-0x00000000003A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/316-59-0x0000000004C00000-0x0000000004CA8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/316-60-0x00000000715E0000-0x00000000722FD000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/316-61-0x00000000003D0000-0x00000000003E6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/316-62-0x0000000070E00000-0x00000000715E0000-memory.dmp

    Filesize

    7.9MB

    Download

  • memory/316-63-0x0000000074870000-0x000000007496C000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/316-64-0x00000000706C0000-0x0000000070DFE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/316-65-0x0000000000770000-0x0000000000786000-memory.dmp

    Filesize

    88KB

    Download

  • memory/316-66-0x0000000072300000-0x0000000072D10000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/316-67-0x00000000743B0000-0x0000000074581000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/316-68-0x0000000070590000-0x00000000706B3000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/316-69-0x0000000072D10000-0x000000007409F000-memory.dmp

    Filesize

    19.6MB

    Download

  • memory/316-70-0x00000000715E0000-0x00000000722FD000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/316-71-0x0000000070E00000-0x00000000715E0000-memory.dmp

    Filesize

    7.9MB

    Download

  • memory/316-72-0x00000000007E0000-0x00000000007F4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/316-83-0x00000000743B0000-0x0000000074581000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/316-81-0x0000000072300000-0x0000000072D10000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/316-90-0x0000000072D10000-0x000000007409F000-memory.dmp

    Filesize

    19.6MB

    Download

  • memory/668-73-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-74-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-77-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-76-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-78-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-79-0x00000000004A218E-mapping.dmp

    Download

  • memory/668-82-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-85-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-87-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-89-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-92-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-94-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-97-0x0000000072D10000-0x000000007409F000-memory.dmp

    Filesize

    19.6MB

    Download

  • memory/668-96-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-99-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-101-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-103-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-105-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-108-0x0000000072300000-0x0000000072D10000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/668-107-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-110-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-112-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-114-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-116-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-118-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-120-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-122-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-128-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-126-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-132-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-136-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-140-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-138-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-134-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-130-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-124-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/668-590-0x0000000071B20000-0x0000000072300000-memory.dmp

    Filesize

    7.9MB

    Download

  • memory/668-591-0x0000000072D10000-0x000000007409F000-memory.dmp

    Filesize

    19.6MB

    Download

  • memory/668-592-0x0000000072300000-0x0000000072D10000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/668-593-0x0000000074930000-0x0000000074AC4000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/668-594-0x0000000070E00000-0x0000000071B1D000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/668-595-0x0000000074750000-0x000000007484C000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/668-596-0x000000006FF80000-0x00000000706BE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/668-597-0x0000000074410000-0x0000000074533000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/668-598-0x0000000074930000-0x0000000074AC4000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/668-599-0x0000000070E00000-0x0000000071B1D000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/668-600-0x0000000074750000-0x000000007484C000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/668-601-0x0000000074410000-0x0000000074533000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/668-602-0x0000000004C40000-0x0000000004C84000-memory.dmp

    Filesize

    272KB

    Download

  • memory/668-603-0x00000000708C0000-0x000000007098F000-memory.dmp

    Filesize

    828KB

    Download

  • memory/668-604-0x00000000706E0000-0x00000000708B1000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/668-605-0x0000000072D10000-0x000000007409F000-memory.dmp

    Filesize

    19.6MB

    Download

  • memory/668-606-0x0000000072300000-0x0000000072D10000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/668-607-0x0000000071B20000-0x0000000072300000-memory.dmp

    Filesize

    7.9MB

    Download

  • memory/668-608-0x0000000074930000-0x0000000074AC4000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/668-609-0x0000000070E00000-0x0000000071B1D000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/668-610-0x0000000074750000-0x000000007484C000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/668-611-0x000000006FF80000-0x00000000706BE000-memory.dmp

    Filesize

    7.2MB

    Download