General
Target: vqmoplwb.exe
Size: 533KB
Sample: 201125-16qfyy84ks
MD5: 4eca35a8854e4290dcc797d9556244b4
SHA1: 2432505bb2273b93659053c83e0b892f63b9105d
SHA256: b78c057366525777ab931d9a4a2962a2df499a6690aae1f3e215097d5adbb458
SHA512: 4074179e92af89b3d6fa353143323445d4974101f444328c503e0ad3543e76cb4c9349ad3a6f4288c1445b552ee4823803f2c545b47d7d353b5bb09d0a96dc49
Static task: static1
Behavioral task: behavioral1
Sample: vqmoplwb.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: vqmoplwb.exe
Resource: win10v20201028
Malware Config
Targets
Target: vqmoplwb.exe
Score: 10/10

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

ServiceHost packer
Detects ServiceHost packer used for .NET malware

Adds Run key to start application

Suspicious use of SetThreadContext