General
-
Target
Shipping_Documents,pdf.exe
-
Size
1.7MB
-
Sample
201218-b32mrnajej
-
MD5
61194a8b23149ebf69368564521c9d33
-
SHA1
d01d1b7fa52b233722b61ff051c3861e7976ea38
-
SHA256
8f23a6b917f6634c7bac57a6f406edd640b449031ccc1795d8a3cd34987160b5
-
SHA512
1ae3d49b0f122fe0ba89755d5d947aba0a09c9584f22bc0e93fedef8f1d35373919c5cf75095b19a9ddc0819ed54423eac38054ed897e837bfd70ffb2bcb7bac
Static task
static1
Behavioral task
behavioral1
Sample
Shipping_Documents,pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Shipping_Documents,pdf.exe
Resource
win10v20201028
Malware Config
Targets
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-