General
-
Target
nwamamassloga.scr
-
Size
5.7MB
-
Sample
201213-y29fpt9dqj
-
MD5
fc822a19f7929313a6515de8f2570149
-
SHA1
b85459795c58be097e3cb6cbf8d7763c9bece136
-
SHA256
cf25b0ff9d683b638d718b02dcd5cce5bf0f42a121d9794c4048cacf38602940
-
SHA512
769c47ae9c3684f1bbcbc0e4cd4e1d6766f6c6efcbff14277a81b4854e58e4b5df4b001eac5ec6f4b2104ef77f65b206961af9b3d10476f25f09fc10c38f6e1a
Malware Config
Targets
-
-
Target
nwamamassloga.scr
-
Size
5.7MB
-
MD5
fc822a19f7929313a6515de8f2570149
-
SHA1
b85459795c58be097e3cb6cbf8d7763c9bece136
-
SHA256
cf25b0ff9d683b638d718b02dcd5cce5bf0f42a121d9794c4048cacf38602940
-
SHA512
769c47ae9c3684f1bbcbc0e4cd4e1d6766f6c6efcbff14277a81b4854e58e4b5df4b001eac5ec6f4b2104ef77f65b206961af9b3d10476f25f09fc10c38f6e1a
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-