masslogger | bae5c09e88e3a4540c3586bbfcc5fe3b72f6198893b46b31d1d870551b57cca9 | Triage

Submit
Reports

Overview

overview

Static

static

3

QUOTE CIF ...ED.exe

windows7-x64

QUOTE CIF ...ED.exe

windows10-2004-x64

Sharing

General

Target

a9d5d6466a5b4374eb90dc685cefdbb8_JaffaCakes118
Size

986KB
Sample

240819-gkrewaxejg
MD5

a9d5d6466a5b4374eb90dc685cefdbb8
SHA1

88e96020c19edf2c63fdf40062c71805dfb57b98
SHA256

bae5c09e88e3a4540c3586bbfcc5fe3b72f6198893b46b31d1d870551b57cca9
SHA512

362e4344cf7e1dc49d920886195f0d128a1a4f34824a2b9a5e926cb331e2ec6cd6727a892bfb051f9837a05ad91086cb996ad4c34e00355585ed778b7fe3a218
SSDEEP

24576:Lle2cAoqzwdrSvJgpXN51AYxDphMUerurCQu47J:L82cAsd+vupd9xzM1CrHu47J

Score

10^/10

masslogger defense_evasion discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QUOTE CIF PRICES FOR ATTACHED.exe

Resource

win7-20240708-en

masslogger defense_evasion discovery spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTE CIF PRICES FOR ATTACHED.exe

Resource

win10v2004-20240802-en

masslogger defense_evasion discovery spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  QUOTE CIF PRICES FOR ATTACHED.exe
- Size
  
  1.0MB
- MD5
  
  4fb2fccce8717ef3702f39eb45167924
- SHA1
  
  103fbc869ca69a5cfd0bc6dbb81f4c2c41bc1ad9
- SHA256
  
  9dfba413d306830589105d96b90b5ea870b1975bd371350635ea1c2b591bcbd8
- SHA512
  
  1cf81de30c86b70e883b29b7203454f35280400462d4c03d42ef6a548dec7010f18b8134d7aa34209c82ae500247c5ee25bc9d371d08d849597744322cb72547
- SSDEEP
  
  24576:vZMVw2cA4qlsd7SbJG9XD57i8xnpBMUerG5CQEgB:xMW2cAadubQ9zTxTM1S5HEg
Score

10^/10

masslogger defense_evasion discovery spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggerdefense_evasiondiscoveryspywarestealer

behavioral2

massloggerdefense_evasiondiscoveryspywarestealer

© 2018-2024

Terms | Privacy