General

  • Target

    f1893996d4f3bb0557b05d946daead381e58321099973579d43e0c00b9692049.zip

  • Size

    578KB

  • Sample

    250327-wdmknsxqv8

  • MD5

    31d7056c8f734c092d756361b05a674e

  • SHA1

    c73b182ef27b9d5a43a7b48c3340b2fca9324bf3

  • SHA256

    f1893996d4f3bb0557b05d946daead381e58321099973579d43e0c00b9692049

  • SHA512

    51d43b586f7e2d841d53cfece2be5b62ce393bc334a8fe23094e76f4e4cd9a948e143cddfb51061f4458d1f1ceb39d356f7bc781f082f0522ec7e2581fc0374e

  • SSDEEP

    12288:8LbuI86ELE0BayvFJ86EeZGtdkeWjOb/i6ORu1lNeiYHFvYX:8PuIZ8EWXfLEeYtdkeWj2/8Ru5YHFvYX

Malware Config

Targets

    • Target

      ed88adb1fab6005e7c44cb02346bd417aa47a32b0e14ec5c117156dadd37bc79.exe

    • Size

      1.3MB

    • MD5

      4c3f4f6690113cb6bfe349a2013eb4da

    • SHA1

      b76c0afa2b28452a5f2dc4c223d8e708268f6959

    • SHA256

      ed88adb1fab6005e7c44cb02346bd417aa47a32b0e14ec5c117156dadd37bc79

    • SHA512

      977939874979cfb90d3d3fd1c014031d4cee24fceb52fceab0868ef773b289c1b3983c70fe9e247b4380514498cf995f763587283f13dbefb3ad5937f097c195

    • SSDEEP

      24576:O9DmJQXyb5Ad4tGgUJJ1528LMhEMSoWN2D1zF:

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Masslogger family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks