m00nd3v_logger | 2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d

General

Target

2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe
Size

996KB
MD5

050d5d7c33252bab23ac8c585429823f
SHA1

901c122bb282a270c486b34a21922be0a32509f3
SHA256

2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d
SHA512

0d02ecf77b055105b5a4f54e1b7f52167e5c01b6f1ccc0aa0ccc16fd4796fdfd36e85096ab8f928dfa62ae878650e43d9bc0d9e8479bdf6497397cb0dd99aee9

Score

10^/10

m00nd3v_logger infostealer spyware stealer

Malware Config

Signatures

M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
stealer spyware m00nd3v_logger

M00nD3v Logger Payload 2 IoCs

Detects M00nD3v Logger payload in memory.

infostealer

Processes:

resource	yara_rule
behavioral1/memory/956-63-0x0000000000400000-0x00000000004A8000-memory.dmp	m00nd3v_logger
behavioral1/memory/956-65-0x0000000000400000-0x00000000004FC000-memory.dmp	m00nd3v_logger

Suspicious use of SetThreadContext 1 IoCs

Processes:

2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe

description	pid	process	target process
PID 1968 set thread context of 956	1968	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe

Drops file in Windows directory 2 IoCs

Processes:

2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe

description	ioc	process
File opened for modification	C:\Windows\win.ini	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe
File opened for modification	C:\Windows\win.ini	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe

pid	process
1968	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe
956	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe

Suspicious use of UnmapMainImage 1 IoCs

Processes:

2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe

pid process

956 2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe

pid	process
956	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe

description	pid	process	target process
PID 1968 wrote to memory of 956	1968	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe
PID 1968 wrote to memory of 956	1968	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe
PID 1968 wrote to memory of 956	1968	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe
PID 1968 wrote to memory of 956	1968	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe	2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe

C:\Users\Admin\AppData\Local\Temp\2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe
"C:\Users\Admin\AppData\Local\Temp\2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe"
1⤵
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Users\Admin\AppData\Local\Temp\2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe
  "C:\Users\Admin\AppData\Local\Temp\2d05691d56a0c3e063635cff16f438fb53803e675b5112829ba76ae3c3f1414d.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of UnmapMainImage
  PID:956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win.ini

Filesize
509B

MD5
d2a2412bddba16d60ec63bd9550d933f

SHA1
deb3d3bdc9055f0b4909b31d3048446848fae0e1

SHA256
79ff2254e38192be1626d05bec6c82e10c85e1cf91df7440c4c443380a1e877a

SHA512
8fecada107f72e59e43a689eeb8e2e18fa6134d0941c122025ed5bd00e5eab8114d7125bd289505be75641385a0c3f112d402c693f142c3ddc870d5fa8116e31

Download Submit
memory/956-67-0x0000000000310000-0x0000000000318000-memory.dmp

Filesize
32KB

Download
memory/956-57-0x0000000000000000-mapping.dmp

Download
memory/956-63-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/956-65-0x0000000000400000-0x00000000004FC000-memory.dmp

Filesize
1008KB

Download
memory/956-68-0x00000000774C0000-0x0000000077669000-memory.dmp

Filesize
1.7MB

Download
memory/956-69-0x00000000776B0000-0x0000000077786000-memory.dmp

Filesize
856KB

Download
memory/956-70-0x0000000023260000-0x00000000239FC000-memory.dmp

Filesize
7.6MB

Download
memory/956-71-0x0000000074510000-0x0000000074ABB000-memory.dmp

Filesize
5.7MB

Download
memory/1968-62-0x00000000002D0000-0x00000000002D8000-memory.dmp

Filesize
32KB

Download
memory/1968-64-0x00000000774C0000-0x0000000077669000-memory.dmp

Filesize
1.7MB

Download
memory/1968-66-0x00000000776A0000-0x0000000077820000-memory.dmp

Filesize
1.5MB

Download
memory/1968-56-0x00000000764C1000-0x00000000764C3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads