General
-
Target
MY_self_cryped.exe
-
Size
1.2MB
-
Sample
200717-twcq7hccyj
-
MD5
cb0da230201048ec24ca733146c9d3ca
-
SHA1
fd5789a808f2d601640c591a47d2e7a31759d78f
-
SHA256
a543d22347f54870ae7dc14964a0242bfee089214c900abe01d1da6e2fcea6cc
-
SHA512
e3ce4a25725de7668d837a446b0978d2da51e50b591b28097f466c36ff9c42cb475ed58f4424cde31e99523dbaa12c3e7e1c8930a10eb9f5b90239651e28e7a8
Static task
static1
Behavioral task
behavioral1
Sample
MY_self_cryped.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
MY_self_cryped.exe
Resource
win10
Malware Config
Extracted
C:\Users\Admin\AppData\Local\C8A579F880\Log.txt
masslogger
Targets
-
-
Target
MY_self_cryped.exe
-
Size
1.2MB
-
MD5
cb0da230201048ec24ca733146c9d3ca
-
SHA1
fd5789a808f2d601640c591a47d2e7a31759d78f
-
SHA256
a543d22347f54870ae7dc14964a0242bfee089214c900abe01d1da6e2fcea6cc
-
SHA512
e3ce4a25725de7668d837a446b0978d2da51e50b591b28097f466c36ff9c42cb475ed58f4424cde31e99523dbaa12c3e7e1c8930a10eb9f5b90239651e28e7a8
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-