General
-
Target
SecuriteInfo.com.Generic.mg.09461dab9ffe230c.28739
-
Size
4.0MB
-
Sample
210115-3393knxjbn
-
MD5
09461dab9ffe230c400ef832ebe00e98
-
SHA1
fc651c3527ab07f0179b0a81b5df5378cd94f6b5
-
SHA256
dbe304c73dd112440af84be5faeea3f2a417c76bbea5e07bd65f0ddae141198d
-
SHA512
e449696e88080e2badb53e7fb62f364c6b2c00aacffe102c1151db20f4b548d81c8664ef87aa206de1809baa2ed57534f6f1ab5440135eeb377e92c7c05bafc7
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Generic.mg.09461dab9ffe230c.28739
-
Size
4.0MB
-
MD5
09461dab9ffe230c400ef832ebe00e98
-
SHA1
fc651c3527ab07f0179b0a81b5df5378cd94f6b5
-
SHA256
dbe304c73dd112440af84be5faeea3f2a417c76bbea5e07bd65f0ddae141198d
-
SHA512
e449696e88080e2badb53e7fb62f364c6b2c00aacffe102c1151db20f4b548d81c8664ef87aa206de1809baa2ed57534f6f1ab5440135eeb377e92c7c05bafc7
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-