General
-
Target
SecuriteInfo.com.Trojan.PackedNET.405.30542.16556
-
Size
2.0MB
-
Sample
201201-pvvtlhszy2
-
MD5
5709c789c96df4555f4c517d085332be
-
SHA1
ae16866b3896b847fbd7ebb99a1c0e352cd1e160
-
SHA256
9cc36828708605652a9a1fc840e714b6fdaa685b9a63e0d81f49c39db35bcec1
-
SHA512
539805b21c0c93a7c031a20f49d85653419bfdec611355abb9c7c70476ae41beeced6f9c4b967b9288537873610059b737de84c2c2d6df1e485e579b093de531
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.PackedNET.405.30542.16556
-
Size
2.0MB
-
MD5
5709c789c96df4555f4c517d085332be
-
SHA1
ae16866b3896b847fbd7ebb99a1c0e352cd1e160
-
SHA256
9cc36828708605652a9a1fc840e714b6fdaa685b9a63e0d81f49c39db35bcec1
-
SHA512
539805b21c0c93a7c031a20f49d85653419bfdec611355abb9c7c70476ae41beeced6f9c4b967b9288537873610059b737de84c2c2d6df1e485e579b093de531
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-