General

  • Target

    ea2b0fcd4c2149b99d1fa98e4f67baeee2b827db770d68ea2202be1402c7e31a

  • Size

    724KB

  • Sample

    220714-bbz3rsegck

  • MD5

    8c801bcd5404e6951355e5a128c95fca

  • SHA1

    0cb59615e4e19d3c56f08998e775c4b40c90ceda

  • SHA256

    ea2b0fcd4c2149b99d1fa98e4f67baeee2b827db770d68ea2202be1402c7e31a

  • SHA512

    b065e7ca45322e4fc572160fa46a667146d9f3f86493c71c92d9b038c350797d2eb314900dd84d784f3cacbd0ee56b39ac6046b8a3015b21afb31fb6824e416c

Targets

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
