General
-
Target
f540b9fdb27c1e9e6c0c05a2c020044a.exe
-
Size
863KB
-
Sample
201109-5gn9tdgmna
-
MD5
f540b9fdb27c1e9e6c0c05a2c020044a
-
SHA1
ee4070cec57f16884fc511ee4a5b61d06585c6aa
-
SHA256
a2c284a50d4fc05794e3bce123492bd9e547b272d9f7b87832fdc72b681580e7
-
SHA512
101791d8c003b446f5f92b9186026a549993dd654e334e11dc41e92a232c49df7df83f232c96106fb7d6e94f8ced59a1165c4afe88c5bdec8a3f7a6bc462fd17
Static task
static1
Behavioral task
behavioral1
Sample
f540b9fdb27c1e9e6c0c05a2c020044a.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
f540b9fdb27c1e9e6c0c05a2c020044a.exe
Resource
win10v20201028
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\5FADD7138A\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\AEA604E53D\Log.txt
masslogger
Targets
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, among other things.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-