General
-
Target
70% Balance Payment.doc
-
Size
1.5MB
-
Sample
201217-4yffk8vs4n
-
MD5
63e67b366f23b4d30c4fdb120a476721
-
SHA1
75f61f87cb74992b86b6c1ddab2c4c2c53196b54
-
SHA256
d406b975d0f2b8252426508b73d1df1241e4272043ed22c9e64ad2d6ee4f45a9
-
SHA512
c4a6c0680e236df043650df53aca101f3324e2667e3d7ff5e6e18b26b4580b0369d4390eb2ff243c9390d003d0cf43d4019e0be9c78f32135dc7b2f75fb7b358
Static task
static1
Behavioral task
behavioral1
Sample
70% Balance Payment.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
70% Balance Payment.doc
Resource
win10v20201028
Malware Config
Targets
-
-
Target
70% Balance Payment.doc
-
Size
1.5MB
-
MD5
63e67b366f23b4d30c4fdb120a476721
-
SHA1
75f61f87cb74992b86b6c1ddab2c4c2c53196b54
-
SHA256
d406b975d0f2b8252426508b73d1df1241e4272043ed22c9e64ad2d6ee4f45a9
-
SHA512
c4a6c0680e236df043650df53aca101f3324e2667e3d7ff5e6e18b26b4580b0369d4390eb2ff243c9390d003d0cf43d4019e0be9c78f32135dc7b2f75fb7b358
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-