General
-
Target
PAY SLIP.doc
-
Size
1.6MB
-
Sample
201217-wjvqjsmwan
-
MD5
badeca12a37ded3432f2c91260d438f7
-
SHA1
d51667dcda40dcf5f99ecfcd04be6f121b4e44af
-
SHA256
1fb6e6de431cb7352cb01ac2ce4a0cbeac9d50df267401a481f315b0e3bf7ff3
-
SHA512
ed7cd72d0a1132128f5b7c0bd59838ab8000a097453345a838df762456ba5d974e54d5454e86a6b994104a70b9f73ba8dd747096fd25347dfd591daea65b762f
Static task
static1
Behavioral task
behavioral1
Sample
PAY SLIP.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
PAY SLIP.doc
Resource
win10v20201028
Malware Config
Targets
-
-
Target
PAY SLIP.doc
-
Size
1.6MB
-
MD5
badeca12a37ded3432f2c91260d438f7
-
SHA1
d51667dcda40dcf5f99ecfcd04be6f121b4e44af
-
SHA256
1fb6e6de431cb7352cb01ac2ce4a0cbeac9d50df267401a481f315b0e3bf7ff3
-
SHA512
ed7cd72d0a1132128f5b7c0bd59838ab8000a097453345a838df762456ba5d974e54d5454e86a6b994104a70b9f73ba8dd747096fd25347dfd591daea65b762f
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-