General
- Target: cxaunOASPiVka6y.exe
- Size: 958KB
- Sample: 201109-sjednfyhf6
- MD5: 25f14213809e9a73bb703503fdd72df7
- SHA1: 79eea20c462aba792a1f0eca0d23c76f954a3c8b
- SHA256: 70502bb6c9fd88cdce1092f83ef2f6408a039c7b9de5652cd22087159dd8ba28
- SHA512: b087edb0563ad6110be8fac0cb20113e28b7c3b0e60bb017b6ab28cfeae47f9a36fd8644ba3c56bb49d88ccdcc24594e623795a897ec64f430671d472e4f8dd6
Static task
- static1
Behavioral task
- behavioral1 (Sample: cxaunOASPiVka6y.exe, Resource: win7v20201028)
Behavioral task
- behavioral2 (Sample: cxaunOASPiVka6y.exe, Resource: win10v20201028)
Malware Config
Extracted
- Path: C:\Users\Admin\AppData\Local\Temp\5FADD7138A\Log.txt
- Family: masslogger
Extracted
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: accounting@americantrevalerinc.com
- Password: 1q2w3e4r5t
Extracted
- Path: C:\Users\Admin\AppData\Local\Temp\109933CE9F\Log.txt
- Family: masslogger
Targets
- Target: cxaunOASPiVka6y.exe
- Size: 958KB
- MD5: 25f14213809e9a73bb703503fdd72df7
- SHA1: 79eea20c462aba792a1f0eca0d23c76f954a3c8b
- SHA256: 70502bb6c9fd88cdce1092f83ef2f6408a039c7b9de5652cd22087159dd8ba28
- SHA512: b087edb0563ad6110be8fac0cb20113e28b7c3b0e60bb017b6ab28cfeae47f9a36fd8644ba3c56bb49d88ccdcc24594e623795a897ec64f430671d472e4f8dd6
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- MassLogger
  MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar artifacts.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext