Overview

overview

10

Static

static

Skype.exe

windows7-x64

8

Skype.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Skype.exe

  • Size

    66.8MB

  • Sample

    220816-j3valaedhq

  • MD5

    c098d8d920dafe67045eb2dfbc366ed0

  • SHA1

    1f577c4495b36350f2c69639d652f991e752b912

  • SHA256

    37e17b0957c9b4b93bb5e72fa3a91ddd36524f1dd1d21b04dbc564649078bc79

  • SHA512

    2789c1fdc40123a0de3b3109078b2ba3c69943c6732322fc62382e6a022b0dbbc269b139b752f37072514fb8e857f6338945fe581fc8220087d8dee96a7dbb8a

Score
10/10
massloggerdiscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      Skype.exe

    • Size

      66.8MB

    • MD5

      c098d8d920dafe67045eb2dfbc366ed0

    • SHA1

      1f577c4495b36350f2c69639d652f991e752b912

    • SHA256

      37e17b0957c9b4b93bb5e72fa3a91ddd36524f1dd1d21b04dbc564649078bc79

    • SHA512

      2789c1fdc40123a0de3b3109078b2ba3c69943c6732322fc62382e6a022b0dbbc269b139b752f37072514fb8e857f6338945fe581fc8220087d8dee96a7dbb8a

    Score
    10/10
    massloggerdiscoverypersistencespywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • Vidar log file

      Detects a log file produced by Vidar.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks