General
-
Target
scan00465.pdf.exe
-
Size
1.2MB
-
Sample
201109-2p7cjf9ste
-
MD5
52555fd6673c6f44b7b57d6e1833d1ef
-
SHA1
6c7dc7a759845917b43da8d5dd73e8f34623adff
-
SHA256
9ae31235da17306c07a77f94a3541a835f0033df9bc7636a39c984e8cea9e72a
-
SHA512
a217c4dc99f575c76d3894f2a4e78d810d00a8e5423093c3e9e622b4f94f46261efb74be76278d72c139f0196d20774ecc0ceb2f670768932fcf4e439df38847
Static task
static1
Behavioral task
behavioral1
Sample
scan00465.pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
scan00465.pdf.exe
Resource
win10v20201028
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\60F5850B53\Log.txt
masslogger
Extracted
Protocol: smtp - Host: mail.saritatravels.com - Port: 587 - Username: sumits@saritatravels.com - Password: sumits%$321
Extracted
C:\Users\Admin\AppData\Local\Temp\7C372DB998\Log.txt
masslogger
Targets
-
-
Target
scan00465.pdf.exe
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-