General
-
Target
vessel details.exe
-
Size
1.0MB
-
Sample
201201-8p3psar8jj
-
MD5
0cc939dccba0be64d2c6dc13e7b55729
-
SHA1
02d50dfe38ff1bc27d76ba3866d326f0a8777208
-
SHA256
373ff5729bbb58bba6a9426b0a35c58a921be8b76a3ccf1dd9f99f410af8dddd
-
SHA512
fff564d60bb71423007d24e3feda6288edf27fc65a1d2f02ffda4b8f9d4f435bd18985c220cd132d7505b234770a1f8eda9e77059884df65b24a955905506ae8
Static task
static1
Behavioral task
behavioral1
Sample
vessel details.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
vessel details.exe
Resource
win10v20201028
Malware Config
Extracted
Protocol: ftp- Host:
maaig.com - Port:
21 - Username:
info@maaig.com - Password:
E#T~&wyRgLDa
Extracted
Protocol: smtp- Host:
mail.vitracer.com - Port:
587 - Username:
sales@vitracer.com - Password:
vm85932754
Targets
-
-
Target
vessel details.exe
-
Size
1.0MB
-
MD5
0cc939dccba0be64d2c6dc13e7b55729
-
SHA1
02d50dfe38ff1bc27d76ba3866d326f0a8777208
-
SHA256
373ff5729bbb58bba6a9426b0a35c58a921be8b76a3ccf1dd9f99f410af8dddd
-
SHA512
fff564d60bb71423007d24e3feda6288edf27fc65a1d2f02ffda4b8f9d4f435bd18985c220cd132d7505b234770a1f8eda9e77059884df65b24a955905506ae8
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-