General
-
Target
26-11-20_Dhl_Signed_document-pdf.exe
-
Size
5.3MB
-
Sample
201127-3ssdzp4s86
-
MD5
0ea58048397685461c50d29255cd32ac
-
SHA1
7ce3ba3cf6b124125b2da19109e9ea0dc48be4b9
-
SHA256
fba68e2814abacdbe354eb421f5fd731a64cf8410b9ded4e914373a7863c2e99
-
SHA512
4f923f5205475d4266b24333300ef0dce9dd4c0efe77fea252b97f66e121860e1c350b335fe93286d23d748c7ffb9b08c421bcb490fde915636fba26ca3df541
Static task
static1
Behavioral task
behavioral1
Sample
26-11-20_Dhl_Signed_document-pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
26-11-20_Dhl_Signed_document-pdf.exe
Resource
win10v20201028
Malware Config
Targets
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-