General

  • Target

    3a81cf5da9b70be10b5ee6d4bd488ddb768d9f63ca459963051dbc30bd4455db

  • Size

    1.1MB

  • Sample

    220625-dxysyaeee6

  • MD5

    885a6b438fe3c23b4d8d09c43034d173

  • SHA1

    e5993444aca13b4526a96e36e594dcc61a9022b1

  • SHA256

    3a81cf5da9b70be10b5ee6d4bd488ddb768d9f63ca459963051dbc30bd4455db

  • SHA512

    dd23455c1c1102af094cc7a8d2397359eeda0e609c94f435424c202615f8a002df34e8db89a0a6499138b0a4ad8733886e809fc444f9249acd976996b1e3644a

Targets

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger Payload

      Detects M00nD3v Logger payload in memory.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
