General
-
Target
Na4hsgjtrPIobAM.exe
-
Size
1.2MB
-
Sample
200717-anv1y888f6
-
MD5
11bb02cfce17265a128473afd7c40049
-
SHA1
9232267ebbbdb7599083f3340e4dc4d53fa7f96b
-
SHA256
0a699d50cee9fc3eb46b0703c5502a84fbb357757853e25474683baf8f477fe0
-
SHA512
f41eb62ccf52f71d94a9d731f84f16589207d4dd5343ca710b24bc9f3ab9585cd87f5c8eb15c14be810034341db98574c0de22a43f25ccc181201319e87e534c
Static task
static1
Behavioral task
behavioral1
Sample
Na4hsgjtrPIobAM.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
Na4hsgjtrPIobAM.exe
Resource
win10
Malware Config
Extracted
C:\Users\Admin\AppData\Local\C8A579F880\Log.txt
masslogger
Targets
Target
Na4hsgjtrPIobAM.exe
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-