General
-
Target
CDO1029-022019 PURCHASE ORDER_PDF.exe
-
Size
1.8MB
-
Sample
201109-k25l7lnjr2
-
MD5
51a186f64b59903d7217774720d0c34d
-
SHA1
f8454553259eb85213545c5fa3a7c558b6424642
-
SHA256
812efd5114e9e1d9ae0898435aa593322a4ef9a39ddd1befe6fc9382ed1cfc0f
-
SHA512
17503c88251411ce7fa6188d9eecfb8e0037d0858dac2820a33b0214d6f23b8306b65a96b559eea386971cd76edd7b3f01c4a6be236acd07cd893ce379870145
Static task
static1
Behavioral task
behavioral1
Sample
CDO1029-022019 PURCHASE ORDER_PDF.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
CDO1029-022019 PURCHASE ORDER_PDF.exe
Resource
win10v20201028
Malware Config
Extracted
Protocol: smtp- Host:
mail.gcco.dz - Port:
587 - Username:
contact@gcco.dz - Password:
CKnt@CtGcc0
Targets
-
-
Target
CDO1029-022019 PURCHASE ORDER_PDF.exe
-
Size
1.8MB
-
MD5
51a186f64b59903d7217774720d0c34d
-
SHA1
f8454553259eb85213545c5fa3a7c558b6424642
-
SHA256
812efd5114e9e1d9ae0898435aa593322a4ef9a39ddd1befe6fc9382ed1cfc0f
-
SHA512
17503c88251411ce7fa6188d9eecfb8e0037d0858dac2820a33b0214d6f23b8306b65a96b559eea386971cd76edd7b3f01c4a6be236acd07cd893ce379870145
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-