General
-
Target
PO 202108 FOR JANUARY 2021.exe
-
Size
1.5MB
-
Sample
201231-a5wmwgrg72
-
MD5
d6fedf690e4ea4ba0918f9deddeb9b7a
-
SHA1
abb8d5664b096b6caa92993ffb75c3460f6cc7a0
-
SHA256
828a9fae03e6a20158c58a659f27371fbe9a836199a3327fe5ef457115cf0206
-
SHA512
5b3c0d624c76a5badb81c4fcb23137cee89736d4212016337a63f953a85ba033970e9f540cb63cf12bd876e0dfcfbed6a3a5817a734e8f53863d87baf0dec0cc
Static task
static1
Behavioral task
behavioral1
Sample
PO 202108 FOR JANUARY 2021.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
PO 202108 FOR JANUARY 2021.exe
Resource
win10v20201028
Malware Config
Extracted
C:\Users\Admin\AppData\Local\5FADD7138A\Log.txt
masslogger
Targets
-
-
Target
PO 202108 FOR JANUARY 2021.exe
-
Size
1.5MB
-
MD5
d6fedf690e4ea4ba0918f9deddeb9b7a
-
SHA1
abb8d5664b096b6caa92993ffb75c3460f6cc7a0
-
SHA256
828a9fae03e6a20158c58a659f27371fbe9a836199a3327fe5ef457115cf0206
-
SHA512
5b3c0d624c76a5badb81c4fcb23137cee89736d4212016337a63f953a85ba033970e9f540cb63cf12bd876e0dfcfbed6a3a5817a734e8f53863d87baf0dec0cc
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-