General
-
Target
OOCLU57731000013.xls.exe
-
Size
892KB
-
Sample
201224-b2rlkhrj92
-
MD5
7c3df39bc1a99d5b392330206083461b
-
SHA1
7f60f5dc06d5f4a91d606312747bbc770226bbb3
-
SHA256
14836e19f657b3a82b1f58dfb846ff1eb66f72ea7eb9b840c2de4b2ceeddcddd
-
SHA512
3cab1494e1a137045c0b7eb005c169fb56b26efc7754b80ff44090502c11a4f96d36b0bd403cc309e0b9fca4220bad4cdcaa8b6905483fbb9d4ec000964c9985
Static task
static1
Behavioral task
behavioral1
Sample
OOCLU57731000013.xls.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
OOCLU57731000013.xls.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
OOCLU57731000013.xls.exe
Score 10/10
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-