General
-
Target
nwamamassloga.scr
-
Size
6.0MB
-
Sample
201213-6czgxv4cyx
-
MD5
8d3ae4916c4df02016b0ac0e900341e5
-
SHA1
6ccab03ec2c6ecfebc013dd39c84d03742f541e8
-
SHA256
d25be05d2b6dc4275fb36d639f4e3e4598e42b904d0748e0574941cb6899ba51
-
SHA512
8840533d06655949d54e8c7fba6a868c5244744226b574c4d5f25da84caddc4a6543bd7b5a8183278be29d0bdda5f29473a6c652f9d93ce6ad7278da41c2799f
Malware Config
Targets
-
-
Target
nwamamassloga.scr
-
Size
6.0MB
-
MD5
8d3ae4916c4df02016b0ac0e900341e5
-
SHA1
6ccab03ec2c6ecfebc013dd39c84d03742f541e8
-
SHA256
d25be05d2b6dc4275fb36d639f4e3e4598e42b904d0748e0574941cb6899ba51
-
SHA512
8840533d06655949d54e8c7fba6a868c5244744226b574c4d5f25da84caddc4a6543bd7b5a8183278be29d0bdda5f29473a6c652f9d93ce6ad7278da41c2799f
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-