General
Target: yqd2LHZ8y57Bzy4.exe
Size: 1.0MB
Sample: 201205-egmv7wkxaj
MD5: 1104a7c66dce20e0839b4a8519f68480
SHA1: 5d0f34cf5d9b7ce3ca2698b1bc8443ff5d41ac66
SHA256: a3d5ac40f8cc27fb19a5aeef41569e8c91de45f19609e60af2555fba2540d348
SHA512: 4a3fe4270f494590e46567a0781f3b5149ac4ad12b41582bdebb1a3513ea16c6b15e6af7a6329a2ac075f3c6012d668debdc6b24708343b6a80a7e30d5dd78d6
Static task: static1
Behavioral task: behavioral1
Sample: yqd2LHZ8y57Bzy4.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: yqd2LHZ8y57Bzy4.exe
Resource: win10v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: ayocj2021@gmail.com
Password: ayocj@2021
Targets
Target: yqd2LHZ8y57Bzy4.exe
Score: 10/10

MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext