General
-
Target
3710baf84c794fe82141d5baa97137ee.exe
-
Size
6.4MB
-
Sample
201217-4xcf8fj9gs
-
MD5
3710baf84c794fe82141d5baa97137ee
-
SHA1
5238b145897e6ba425e9bd8f889ed5f4bfbd5a7d
-
SHA256
0d838e7b6343155a98bd1d15cab670ae29c0c20dd992c6f97f80d3791e1cbd14
-
SHA512
77e39b14ef08844678b12722995a3ba3718e99a52b6bfe1fb011b29cf2c92a4a45746c858c7e8ecbbd7e3cc406ec15f07fc605f6c28997620e2e5b2b39c29ad1
Malware Config
Targets
-
-
Target
3710baf84c794fe82141d5baa97137ee.exe
-
Size
6.4MB
-
MD5
3710baf84c794fe82141d5baa97137ee
-
SHA1
5238b145897e6ba425e9bd8f889ed5f4bfbd5a7d
-
SHA256
0d838e7b6343155a98bd1d15cab670ae29c0c20dd992c6f97f80d3791e1cbd14
-
SHA512
77e39b14ef08844678b12722995a3ba3718e99a52b6bfe1fb011b29cf2c92a4a45746c858c7e8ecbbd7e3cc406ec15f07fc605f6c28997620e2e5b2b39c29ad1
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-