General
-
Target
Vessel Details.exe
-
Size
1.0MB
-
Sample
201202-r9phgjebnn
-
MD5
c937e1944545e46b2f249badce1502e5
-
SHA1
869346420d996877d43d8b316e5d20daf90e2c75
-
SHA256
2c0c11555412e75e830be16688aba26096a7110a3befefb865ddf5410a89a297
-
SHA512
4001dbfd7f5437133ef17dc044ffbcf68a2faf857d69aed2b17f9ef2bcb046a897e0b0139e1fc97711139711deea7f5e6d4022adc595a0a3814f6705c5605d89
Static task
static1
Behavioral task
behavioral1
Sample
Vessel Details.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Vessel Details.exe
Resource
win10v20201028
Malware Config
Extracted
Protocol: ftp- Host:
maaig.com - Port:
21 - Username:
info@maaig.com - Password:
E#T~&wyRgLDa
Extracted
Protocol: smtp- Host:
mail.vitracer.com - Port:
587 - Username:
sales@vitracer.com - Password:
vm85932754
Targets
-
-
Target
Vessel Details.exe
-
Size
1.0MB
-
MD5
c937e1944545e46b2f249badce1502e5
-
SHA1
869346420d996877d43d8b316e5d20daf90e2c75
-
SHA256
2c0c11555412e75e830be16688aba26096a7110a3befefb865ddf5410a89a297
-
SHA512
4001dbfd7f5437133ef17dc044ffbcf68a2faf857d69aed2b17f9ef2bcb046a897e0b0139e1fc97711139711deea7f5e6d4022adc595a0a3814f6705c5605d89
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-