General
-
Target
Rmittance Advice 017700 9001.exe
-
Size
989KB
-
Sample
201205-pxkzf782re
-
MD5
f71192136c55245729661eb552eaaf37
-
SHA1
5fc3105a3a5346b76dd879f4af88d275376207c0
-
SHA256
b5ac541a4baee69325c9f73ba6fe8e93d74fe3c302708373fab4fc0a55e3745b
-
SHA512
6058fc16d032b69add57dc0f63e236e235eea114e0fdb48a78c72e8d119f06277af588b2fc3086ab1cbff49f82b909c156a244d1b5c5a513ca5f805c634ec252
Static task
static1
Behavioral task
behavioral1
Sample
Rmittance Advice 017700 9001.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Rmittance Advice 017700 9001.exe
Resource
win10v20201028
Malware Config
Targets
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-