General
Target
Machine_Specification.img
Size
1.2MB
Sample
201124-ndm4s5wh1j
MD5
27e992e0356385d72dc703b286292039
SHA1
67e307a49647453f74cffe21ab7ccf82a688539b
SHA256
fe58f1f1a965f99d61358250dba7792b77c805312677074209c9641fb8e3265a
SHA512
3f0d068982952ecc38ba3331b066cdeda5cbc1c43f680965cc715a04509c17156c0cb67eb04b5e7eea7d28ae0ff8cedc40a468791d45710f86260867516ed334
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATIO.EXE
Resource
win7v20201028
Behavioral task
behavioral2
Sample
QUOTATIO.EXE
Resource
win10v20201028
Malware Config
Targets
Target
QUOTATIO.EXE
Size
669KB
MD5
f29503b7cc609d116bf10301276cefd4
SHA1
09e5a76d532011881e144b03451a4000434f0a9d
SHA256
bd0f0e3a4eae909e89bd8134013b914a9279a39ac7ce8fc12d073cd821d60659
SHA512
30ba65bcd5527d74e0c78a67286214a6bb0d67d69b9d80d7b29a9d5c9c2601b105dc20dd597c79e63e2bac702b6c34e7e5d222f3448b4853a285aac20f1aad54
Score: 10/10
MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
MassLogger Main Payload
ServiceHost packer: Detects ServiceHost packer used for .NET malware
Adds Run key to start application
Suspicious use of SetThreadContext