General

  • Target

    1fa5e98ff07d828201ef0f23497c1cb38b508659bd2ae8d588d3ca9b5851c82e

  • Size

    657KB

  • Sample

    220612-vr8jmaghfn

  • MD5

    9d1f2fcba0db07cf36399d5f2795914a

  • SHA1

    ffeca6e40d491f25e112ff3af098f83bfec1e02d

  • SHA256

    1fa5e98ff07d828201ef0f23497c1cb38b508659bd2ae8d588d3ca9b5851c82e

  • SHA512

    ff439554e2043aa37f9de994cdb357f3ed1ef2946735397fc20b37d4ff1864eeb58435f9e8dd16cf942f93316f4937962d9a187a191eb875be17a5707ce83fd9

Malware Config

Targets

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger Payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks