General
Target: RFQ_121720.exe
Size: 1.2MB
Sample: 201217-pjq2svrk1j
MD5: 3ad67ecbfd9e60db3dbe32de2b834f76
SHA1: 17d7b06dc1f28408c24e822c0c19153c5170d01d
SHA256: 30920f99abe5eed123d3da56f24aca831bcc33e8e91548ef4bb3bc265f412fc2
SHA512: 9adbbe07a5c372cdc08555ef64f93a30845b9b19080a5fd6d53018311dde6c3c281b98871ffa0cedf86fef92a2473c1f8ff9e12428a024ab0ab0b53b891e2c1e
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ_121720.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: RFQ_121720.exe
  Resource: win10v20201028
Malware Config
Targets
Target: RFQ_121720.exe
Score: 10/10
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.