onlylogger | a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d

Analysis

max time kernel
148s
max time network
155s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
08-11-2022 17:44

Target

a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
Size

385KB
MD5

ffa06f234334af87d130340b4dada0e7
SHA1

637722f366a30f0d6f1f5c76f341b7c97b85bdb3
SHA256

a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d
SHA512

fb4dc1dfc064e02ddc09f9f648b7ab8f636f536a6068c70a53c83e3066d123e29902f1a6ffd009155b90a879bedabf57539614c2c2efe1bc84afbb8aad4258a3
SSDEEP

6144:650oi1EV0HU8UtZ8VIJvILD58RcBpySzdj17TfIq25cczCmDCs60WW:82HUXT8IJwWRcP9jVfIqSc4PD1x

Score

10^/10

onlylogger loader

OnlyLogger
A tiny loader that uses IPLogger to get its payload.
loader onlylogger

OnlyLogger payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1712-56-0x00000000002E0000-0x0000000000324000-memory.dmp	family_onlylogger
behavioral1/memory/1712-57-0x0000000000400000-0x0000000000505000-memory.dmp	family_onlylogger

C:\Users\Admin\AppData\Local\Temp\a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
"C:\Users\Admin\AppData\Local\Temp\a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe"
1⤵
PID:1712

memory/1712-54-0x00000000765B1000-0x00000000765B3000-memory.dmp

Filesize
8KB

Download
memory/1712-55-0x00000000005DB000-0x0000000000603000-memory.dmp

Filesize
160KB

Download
memory/1712-56-0x00000000002E0000-0x0000000000324000-memory.dmp

Filesize
272KB

Download
memory/1712-57-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/1712-58-0x00000000005DB000-0x0000000000603000-memory.dmp

Filesize
160KB

Download