General
-
Target
new order xls.exe
-
Size
1.8MB
-
Sample
201109-tl5tlw5jk2
-
MD5
60826b549c1baaa5f34d192d54aa91f2
-
SHA1
9650ab46ee8f654c260e712b2d3b0443a5ca1d7c
-
SHA256
25713dac1c6cb3444ccdb4439510b4e396fd217fcd6a5d1c3d40b48ae2716616
-
SHA512
3b124114ee2c8ee28386b201eb0e8b8411731d5f3dd19530443d4a5e8891e90d59e95e05218f3043f3364598abb7cc18fe2fc1dd483c00c21a42f0368b200e79
Static task
static1
Behavioral task
behavioral1
Sample
new order xls.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
new order xls.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
new order xls.exe
-
Size
1.8MB
-
MD5
60826b549c1baaa5f34d192d54aa91f2
-
SHA1
9650ab46ee8f654c260e712b2d3b0443a5ca1d7c
-
SHA256
25713dac1c6cb3444ccdb4439510b4e396fd217fcd6a5d1c3d40b48ae2716616
-
SHA512
3b124114ee2c8ee28386b201eb0e8b8411731d5f3dd19530443d4a5e8891e90d59e95e05218f3043f3364598abb7cc18fe2fc1dd483c00c21a42f0368b200e79
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-