masslogger | 37e17b0957c9b4b93bb5e72fa3a91ddd36524f1dd1d21b04dbc564649078bc79 | Triage

Submit
Reports

Overview

overview

Static

static

Skype.exe

windows7-x64

8

Skype.exe

windows10-2004-x64

Sharing

General

Target

Skype.exe
Size

66.8MB
Sample

220816-j3valaedhq
MD5

c098d8d920dafe67045eb2dfbc366ed0
SHA1

1f577c4495b36350f2c69639d652f991e752b912
SHA256

37e17b0957c9b4b93bb5e72fa3a91ddd36524f1dd1d21b04dbc564649078bc79
SHA512

2789c1fdc40123a0de3b3109078b2ba3c69943c6732322fc62382e6a022b0dbbc269b139b752f37072514fb8e857f6338945fe581fc8220087d8dee96a7dbb8a

Score

10^/10

masslogger discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Skype.exe

Resource

win7-20220812-en

windows7-x64

5 signatures

1200 seconds

Behavioral task

behavioral2

Sample

Skype.exe

Resource

win10v2004-20220812-en

masslogger discovery persistence spyware stealer

windows10-2004-x64

19 signatures

1200 seconds

Malware Config

Targets

- Target
  
  Skype.exe
- Size
  
  66.8MB
- MD5
  
  c098d8d920dafe67045eb2dfbc366ed0
- SHA1
  
  1f577c4495b36350f2c69639d652f991e752b912
- SHA256
  
  37e17b0957c9b4b93bb5e72fa3a91ddd36524f1dd1d21b04dbc564649078bc79
- SHA512
  
  2789c1fdc40123a0de3b3109078b2ba3c69943c6732322fc62382e6a022b0dbbc269b139b752f37072514fb8e857f6338945fe581fc8220087d8dee96a7dbb8a
Score

10^/10

masslogger discovery persistence spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- Vidar log file
  Detects a log file produced by Vidar.
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

massloggerdiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy