General
Target: bd72223afa837379fe320c88e0c18d6bffaa463615b4d68c1afbfd3bac4f5f93
Size: 966KB
Sample: 201109-ljcn4zymv6
MD5: 47d7b2a7ff9c35fc3b49bfb8c400f2d5
SHA1: 041a47cfdbc1a73c6418695a64179408487034e8
SHA256: bd72223afa837379fe320c88e0c18d6bffaa463615b4d68c1afbfd3bac4f5f93
SHA512: 7c577d623ea794dbecb720e24c169e19f90e4bce1a5c854fb6ea65dd77bae00deefa81f73155447e4f13445f4eb7cb3ac9f102df4093d77433c8ebc3b5f7b935
Static task: static1
Behavioral task: behavioral1
  Sample: bd72223afa837379fe320c88e0c18d6bffaa463615b4d68c1afbfd3bac4f5f93.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: bd72223afa837379fe320c88e0c18d6bffaa463615b4d68c1afbfd3bac4f5f93.exe
  Resource: win10v20201028
Malware Config
Extracted: C:\Users\Admin\AppData\Local\Temp\5FADD7138A\Log.txt (masslogger)
Targets
Target: bd72223afa837379fe320c88e0c18d6bffaa463615b4d68c1afbfd3bac4f5f93
Size: 966KB
Signatures
CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
MassLogger: MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.
MassLogger log file: Detects a log file produced by MassLogger.
Executes dropped EXE
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Loads dropped DLL
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext