General
Target
DHL_Jan 2021 at 13M_9B7290_PDF.exe
Size
715KB
Sample
210113-yffn7e6z4e
MD5
4cdf11f1b7678c63efd99d4b280d2f70
SHA1
6d9bab79cd3daaf832a7236bb0db30f1b5bc3732
SHA256
64e3a39bfe33b36e037ce76f733eb76ad58e55b9c21ab63b7772576a31884125
SHA512
713b6e06f9a0093e95880be6ebac97ea897608383702db814148ba568ffe338e4e0f7ae545d2fdf6b4c1875775187cc4964f01a6b5a5da3f7ab1e7d06e6ae398
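The four digests above are what an analyst should check a retrieved copy of the sample against before detonating or sharing it. The Python below is an added example, not part of the Triage report or of any MassLogger tooling: it parses the page's own label/value layout (skipping the stray "-" bullets), rejects digests that are not hex of the right length, and verifies a candidate file against every listed hash in a single pass over the data. The REPORT excerpt is constructed from the figures on this page, and the stand-in byte string used at the bottom is not the real sample.

```python
"""Added example: parse a Triage-style hash block into IOCs and verify a
candidate sample against it. Standard library only."""
import hashlib
import hmac
import re

# Hex digest lengths used to sanity-check what the report lists.
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed excerpt in the same "label on one line, value on the next" layout
# as the page; the stray "-" bullets are kept to show the parser skips them.
REPORT = """Target
DHL_Jan 2021 at 13M_9B7290_PDF.exe
-
Size
715KB
-
MD5
4cdf11f1b7678c63efd99d4b280d2f70
-
SHA1
6d9bab79cd3daaf832a7236bb0db30f1b5bc3732
-
SHA256
64e3a39bfe33b36e037ce76f733eb76ad58e55b9c21ab63b7772576a31884125
-
SHA512
713b6e06f9a0093e95880be6ebac97ea897608383702db814148ba568ffe338e4e0f7ae545d2fdf6b4c1875775187cc4964f01a6b5a5da3f7ab1e7d06e6ae398
"""


def parse_report(text):
    """Return {label_lowercase: value} from alternating label/value lines.

    Blank lines and lone "-" bullets are ignored. Hash values are lowercased and
    rejected with ValueError when they are not hex of the expected length, so a
    truncated or mangled digest cannot silently pass verification later.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    if len(lines) % 2:
        raise ValueError("report has a label without a value")
    fields = {}
    for label, value in zip(lines[0::2], lines[1::2]):
        key = label.lower()
        if key in HASH_LENGTHS:
            value = value.lower()
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LENGTHS[key], value):
                raise ValueError(f"malformed {label}: {value!r}")
        fields[key] = value
    return fields


def digest_all(data, chunk=1 << 20):
    """Compute md5/sha1/sha256/sha512 of a bytes object or binary file in one pass."""
    hs = {name: hashlib.new(name) for name in HASH_LENGTHS}
    if isinstance(data, (bytes, bytearray)):
        for h in hs.values():
            h.update(data)
    else:  # file-like object opened in binary mode
        while True:
            block = data.read(chunk)
            if not block:
                break
            for h in hs.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hs.items()}


def verify_sample(data, report_fields):
    """Compare each hash the report lists with the sample's own digest.

    Returns {algo: matched}. Constant-time comparison is not strictly needed for
    public hashes, but compare_digest also guards against type mix-ups.
    """
    actual = digest_all(data)
    return {
        name: hmac.compare_digest(actual[name], report_fields[name])
        for name in HASH_LENGTHS
        if name in report_fields
    }


def is_expected_sample(data, report_fields):
    """True only when every listed digest matches; one mismatch means a different file."""
    results = verify_sample(data, report_fields)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    ioc = parse_report(REPORT)
    print("Target:", ioc["target"])
    print("Reported SHA256:", ioc["sha256"])
    # Constructed stand-in bytes, not the real sample: every check fails.
    print("Stand-in matches report:", is_expected_sample(b"not the DHL sample", ioc))
```

For a real file, pass an open binary handle to `is_expected_sample(open(path, "rb"), parse_report(text))`; the chunked read keeps memory flat for large droppers, and a false result means the file on disk is not the one this report describes, regardless of its name.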
Static task
static1
Behavioral task
behavioral1
Sample
DHL_Jan 2021 at 13M_9B7290_PDF.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
DHL_Jan 2021 at 13M_9B7290_PDF.exe
Resource
win10v20201028
Malware Config
Targets
Target
DHL_Jan 2021 at 13M_9B7290_PDF.exe
Size, MD5, SHA1, SHA256 and SHA512 are the same values listed under General above.
Score
10/10
MassLogger
MassLogger is a .NET credential stealer that targets saved passwords in web browsers, email clients and cryptocurrency clients.
MassLogger Main Payload
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence so the payload only runs on (or avoids) systems in chosen regions.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and similar profile contents.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread in another process is a common step in process hollowing (RunPE): a legitimate process is started suspended, the payload is written into it, the thread's instruction pointer is redirected to the payload's entry point and the thread is resumed, so the stealer runs under a trusted process name.