General

  • Target

    4c0ea5386a5ec2a05300bc4703eef315e2bd9c66c2946712a924bda136f71406

  • Size

    837KB

  • Sample

    220712-jq7p6aghgl

  • MD5

    d6e26b82e85b8f361f294f33cca737c3

  • SHA1

    331a523b216f172c1fd1acdf2d74ff151bf86a85

  • SHA256

    4c0ea5386a5ec2a05300bc4703eef315e2bd9c66c2946712a924bda136f71406

  • SHA512

    09c8f1caf13b3ebecb12d1d8b2c0865b9a039d1ad092a0576bb8af8248e26147297ae8b0717470cd1bf515b7fea0b0a4eae18352943ae274ef6a97d122d92eaf

Malware Config

Targets

    • Target

      fHkKqT7NSq10OIH.exe

    • Size

      910KB

    • MD5

      6b052b8275ce99c42a76e512e23a63ee

    • SHA1

      e9fc0f1243e9f60c61c2dae6d1bc0e1f9cec61d7

    • SHA256

      88d7ccc6752536d44a533c184e24437ec1181dc841ed7c1fa6bcc408add5340e

    • SHA512

      a832e28309d4ee75f2c27f6df9b0dbf90d06b5dc3acd88bacc15cdec32e9397102146647fe6aa1d839ef7cb808a4d7052c34ee9ab3e465d8c2335f3783eb8a0a

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks