General
-
Target
fizetési igazolás.eml.msg
-
Size
30KB
-
Sample
201201-nqqtg2se2n
-
MD5
7957f01e3dd58bf95c0a0cba694c6825
-
SHA1
0a81b978e6ffc9d908391354dc2409ec93f6c9e2
-
SHA256
2479411adb58bd76f54b991f75232058de6c387f7fe639bc66c13731ec81dff8
-
SHA512
a91c256cb8fc9db22929e2bf8a08dc25cbb176b9c46bd671bb08c8ffbca0c3164a5ffaea6cd28f0e20ac5c8922e35f37482d9835c4f050bd021b64af11ca51bd
Static task
static1
Behavioral task
behavioral1
Sample
fizetési_visszaigazolás.js
Resource
win7v20201028
Behavioral task
behavioral2
Sample
fizetési_visszaigazolás.js
Resource
win10v20201028
Malware Config
Targets
-
-
Target
fizetési_visszaigazolás.js
-
Size
3KB
-
MD5
3c4c51617719e0431c8947756c1a79e2
-
SHA1
d4ce83ce15355ddd4940a2d739e9eef978e0921c
-
SHA256
03cb959ae09b02512f1793b03afa9092886bbeb9b38b9404a583e7ab6889df4a
-
SHA512
7138b5b3c2dad718a539a4e62a7d1edf7c80578af9e9dfb9501da9b66000d38c949f79c78e2e580c68d1e06cbac97740955292002546d3e9d3e8a168fb265b6c
Score
10/10
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-