General
-
Target
nwamamassloga.scr
-
Size
5.5MB
-
Sample
201215-gh2mh4cev6
-
MD5
22eda4f532ebc0f5994060c2d6cd2002
-
SHA1
10beb6ab238582776f0450a2c43502307f766ebd
-
SHA256
d0d99283b85e0d8c899857c8e9f37a51c6af357f915124078a367a0687607a29
-
SHA512
f66ebd885c3ae086e295782c748b18e8fa5df1bf69597a21f684d3558d5b3e5b738d0af1df39240c297efe950798341ceb463e8a81869ad66f4dcb2bc1ac2e5a
Static task
static1
Behavioral task
behavioral1
Sample
nwamamassloga.scr
Resource
win7v20201028
Behavioral task
behavioral2
Sample
nwamamassloga.scr
Resource
win10v20201028
Malware Config
Targets
-
-
Target
nwamamassloga.scr
-
Size
5.5MB
-
MD5
22eda4f532ebc0f5994060c2d6cd2002
-
SHA1
10beb6ab238582776f0450a2c43502307f766ebd
-
SHA256
d0d99283b85e0d8c899857c8e9f37a51c6af357f915124078a367a0687607a29
-
SHA512
f66ebd885c3ae086e295782c748b18e8fa5df1bf69597a21f684d3558d5b3e5b738d0af1df39240c297efe950798341ceb463e8a81869ad66f4dcb2bc1ac2e5a
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-