General
-
Target
PO-7546354.exe
-
Size
821KB
-
Sample
200708-h1lac1zals
-
MD5
0e39e0f49e3f74b7fe492f2f9b4e0969
-
SHA1
bc7fce8afc2a2d379e3e0714191dae859e3771a8
-
SHA256
b8ac4a45dbd25ba8bb4f71d53bb8615f6d00b9be95b6e976567377957d92c428
-
SHA512
a9b7539a91aa8593b5a15f2536069591e105ab75484a2bf3900aedbe9c2f6ab6bbed33ab000995f776471f51c86df17a17475c3997a000b854324d42eec4783c
Static task
static1
Behavioral task
behavioral1
Sample
PO-7546354.exe
Resource
win7
Behavioral task
behavioral2
Sample
PO-7546354.exe
Resource
win10
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\E2C1E8F1FA\Log.txt
masslogger
Extracted
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: cruizjamesvhjkl@
Targets
Target
PO-7546354.exe
Score 10/10
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext