General
- Target: PO.exe
- Size: 1.5MB
- Sample: 201109-x3mv98jsex
- MD5: f512638b09983b315c24199bffae80cc
- SHA1: f62de084522901915b43ce766bca6e3a0797cdf3
- SHA256: f937bbe27c6d52452a121bc9aa320c26ae7eada7cadc9dda0fafc2c6b1bd5818
- SHA512: a9566748c0c34168fafc88d2e3c1522fc7d1422266fa65b1beafbc82f45a88394d4ada16104b011e97f5e1396fa745d20bee185dc11447f4ad162e5c7ada48d8
- Static task: static1
- Behavioral task: behavioral1 (Sample: PO.exe, Resource: win7v20201028)
- Behavioral task: behavioral2 (Sample: PO.exe, Resource: win10v20201028)
Malware Config
Extracted
- Protocol: smtp
- Host: mail.acproyectos.com
- Port: 587
- Username: fallas@acproyectos.com
- Password: Falfal207@
Targets
- Target: PO.exe
- Score: 10/10
- MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger log file: Detects a log file produced by MassLogger.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext