General
Target: Payment Advice.exe
Size: 21KB
Sample: 201202-al4p7fwmb6
MD5: 361662a43b699d9ec3cdfd282ae7d223
SHA1: 1ed81bf68e94e16d1e56a78dc71c9fcd993e0973
SHA256: e39ed8bfee05ab6d964885748f4800bf955b47b59002213e34e5b9d331882b98
SHA512: 0d1898d0b7204e2154d5d3b6a38d6b1d69e27d7368d6f214cc10e0d711e42293876ed18e5d228e18f4dcaaea6de02dd672a20820513e724fce917960b83a2f42
Static task: static1
Behavioral task: behavioral1 (Sample: Payment Advice.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Payment Advice.exe, Resource: win10v20201028)
Malware Config
Extracted
Protocol: smtp
Host: mail.porathacorp.com
Port: 587
Username: devarajan@porathacorp.com
Password: susila@22
Targets
Target: Payment Advice.exe (21KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10
MassLogger
MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

Signatures
- MassLogger Main Payload
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Drops startup file
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar data.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext