General
Target
SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587
Size
1.8MB
Sample
201215-25hnhh2kce
MD5
7ca2be12ff1d93475b123c77186f5121
SHA1
0c88c06553bc3117a7e6f68adb99f1f820ae912d
SHA256
121f9e2ca94382e2562bf30f1cc946ad1e221246ff5b7271dce48d693ec128e8
SHA512
9f001624285ba6fc75650806e86780ad548a679407f8b33a03066284af5e22fada85d4f19e730aee441fba5cd1f251efaeca471f7a768c6710e5e7316f6bde96
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587.exe
Resource
win10v20201028
Malware Config
Extracted
Protocol: smtp
Host: mail.bhavnatutor.com
Port: 587
Username: sales@bhavnatutor.com
Password: Onyeoba111
Targets
Target
SecuriteInfo.com.Trojan.PWS.Stealer.29660.11031.30587
Score
10/10
- MassLogger: Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger log file: Detects a log file produced by MassLogger.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext