General
-
Target
SecuriteInfo.com.Generic.mg.8fba7a5588916f13.10918
-
Size
4.5MB
-
Sample
210115-ggdeqztf2e
-
MD5
8fba7a5588916f139b2d03039e34c75c
-
SHA1
709bab3dd69e76171b525770be72524fd3ae8df9
-
SHA256
758eab6db6c23b1d0163bb7fc6ba684d507cbec32326d0c0773a1b8da0abfe6b
-
SHA512
8837e949495521db9327efede2a6c2be360c83ad7ac0c31144bbbbb13340d1b6e16d501b3d3d8851c4f1c57db945fd2654d17b2166bf210a802499c2632636f9
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Generic.mg.8fba7a5588916f13.10918.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Generic.mg.8fba7a5588916f13.10918.exe
Resource
win10v20201028
Malware Config
Extracted
C:\Users\Admin\AppData\Local\5FADD7138A\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\7C372DB998\Log.txt
masslogger
Targets
-
-
Target
SecuriteInfo.com.Generic.mg.8fba7a5588916f13.10918
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-