General
Target: GH09227834.exe
Size: 1.2MB
Sample: 201211-35vfe1cxwa
MD5: 8612ece9e9e0e5bc387570f6b2de8d0a
SHA1: 8415a4951184de481880739186388cffb772d82b
SHA256: 785e9b897ab7051dd056f69c5f1e98bb7280c3cf464718f0c18493f226901d4d
SHA512: 4e6d582b3c5245f8a051263284587f267df9f15cd3dc498cdfc2d3bcd1be2a2eaaabf030fc558cece57e41ceac09c76cf891b54b6edf7d3c8e212ec0b3349426

Static task
static1

Behavioral task
behavioral1
Sample: GH09227834.exe
Resource: win7v20201028

Behavioral task
behavioral2
Sample: GH09227834.exe
Resource: win10v20201028

Malware Config
Extracted from: C:\Users\Admin\AppData\Local\Temp\5FADD7138A\Log.txt
Family: masslogger
Targets
Target: GH09227834.exe
Size: 1.2MB
Score: 10/10

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

MassLogger log file
Detects a log file produced by MassLogger.

ServiceHost packer
Detects the ServiceHost packer used for .NET malware.

Executes dropped EXE

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Loads dropped DLL

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, etc.

Adds Run key to start application

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext