General
Target: SQ-107840 ecola.exe
Size: 534KB
Sample: 201125-f16bsf38jx
MD5: 518f6ed1cbce45a852df7606e708e409
SHA1: 2821a319fbfb2dd492b06ea26b444bbf225abad3
SHA256: 1e003aa6499e75fcb47a0288d1e43b523b13b394bb8b692eae0b314a124d6f26
SHA512: 18e4668eeb73182efdaa8b6eeaac96a70bb7f311c7baac6b0915bb8d34a4e9b618dd2916f8df822a30209c1c1aa64a46a5fefa1cb0f82611187065b281d2c274
Static task: static1
Behavioral task: behavioral1
Sample: SQ-107840 ecola.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: SQ-107840 ecola.exe
Resource: win10v20201028
Malware Config
Targets
Target: SQ-107840 ecola.exe
Score: 10/10
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
MassLogger Main Payload
ServiceHost packer
Detects ServiceHost packer used for .NET malware
Adds Run key to start application
Suspicious use of SetThreadContext