Overview

overview

10

Static

static

256394119e...45.exe

windows7_x64

10

256394119e...45.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    36s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    11-06-2022 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    256394119ede05a8544c4c9ba964197bac7fa5c7aeccf58aef7c2b67bc0ddc45.exe

  • Size

    788KB

  • MD5

    eec2f17ba084b62fe9a20c9898838db7

  • SHA1

    0ae77e1421e7ae5fff9b6a771162b0114b674a7b

  • SHA256

    256394119ede05a8544c4c9ba964197bac7fa5c7aeccf58aef7c2b67bc0ddc45

  • SHA512

    90893d074ea672a3dbe40c29ea2b25984df4cfe134ee4248109cf91377859639fee1b5a3887dd1b9f046409c949f21e745e456f3825c24862e7320090e86bde9

Score
10/10
m00nd3v_loggerinfostealerspywarestealer

Malware Config

Signatures

  • M00nd3v_Logger

    M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    stealerspywarem00nd3v_logger
  • M00nD3v Logger Payload 1 IoCs

    Detects M00nD3v Logger payload in memory.

    infostealer
  • NirSoft MailPassView 1 IoCs

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView 1 IoCs

    Password recovery tool for various web browsers

  • Nirsoft 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\256394119ede05a8544c4c9ba964197bac7fa5c7aeccf58aef7c2b67bc0ddc45.exe
    "C:\Users\Admin\AppData\Local\Temp\256394119ede05a8544c4c9ba964197bac7fa5c7aeccf58aef7c2b67bc0ddc45.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:548
    • C:\Users\Admin\AppData\Local\Temp\256394119ede05a8544c4c9ba964197bac7fa5c7aeccf58aef7c2b67bc0ddc45.exe
      "C:\Users\Admin\AppData\Local\Temp\256394119ede05a8544c4c9ba964197bac7fa5c7aeccf58aef7c2b67bc0ddc45.exe"
      2⤵
        PID:916

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/548-56-0x00000000002B0000-0x00000000002B6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/548-57-0x0000000075D21000-0x0000000075D23000-memory.dmp

      Filesize

      8KB

      Download

    • memory/916-58-0x0000000000400000-0x000000000047B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/916-59-0x000000000040FFEF-mapping.dmp

      Download

    • memory/916-61-0x0000000000400000-0x000000000047B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/916-62-0x00000000006E0000-0x000000000077C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/916-65-0x0000000000400000-0x000000000047B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/916-67-0x0000000074C10000-0x00000000751BB000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/916-68-0x0000000000400000-0x000000000047B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/916-69-0x0000000074C10000-0x00000000751BB000-memory.dmp

      Filesize

      5.7MB

      Download