General
-
Target
01_extracted.exe
-
Size
706KB
-
Sample
210113-v98bsym81a
-
MD5
26321a18d20fbb143c096e4ed31aa3d5
-
SHA1
2be37b42a5254983d395e73d7d18b7a3e134cbf4
-
SHA256
dfcd2b701b1142718cfbeeaf21c4fcb618d8aa2482bea8821b440ed24a768a1e
-
SHA512
227a4e327f0f89cb5f39d7e5c0751d2a2c0941f8419607b173224c3f389c765ec4ad14db60527965df768c91383b86c1a81bae92b228b72db0281e2a5955b536
Malware Config
Targets
-
-
Target
01_extracted.exe
-
Size
706KB
-
MD5
26321a18d20fbb143c096e4ed31aa3d5
-
SHA1
2be37b42a5254983d395e73d7d18b7a3e134cbf4
-
SHA256
dfcd2b701b1142718cfbeeaf21c4fcb618d8aa2482bea8821b440ed24a768a1e
-
SHA512
227a4e327f0f89cb5f39d7e5c0751d2a2c0941f8419607b173224c3f389c765ec4ad14db60527965df768c91383b86c1a81bae92b228b72db0281e2a5955b536
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-