General
-
Target
DHL_January 2021 at 70M_9B7290_PDF.exe
-
Size
837KB
-
Sample
210118-fwm4djvg46
-
MD5
24977e68cf3835f792b974848cdfc0eb
-
SHA1
61f35a68841f3f4ae4a52cd14420979e86355084
-
SHA256
f5a271d64ab777a898207f0614834620fbb7c4ebb741f7572afb2d13756f2b89
-
SHA512
06012e48b0b2c47ce3748b207d66034e989606b2895a43751bc464e7bbfffeaae3c014295d2364448326e18021d4f0df71a84f194e15e62c3237881c245ca544
Static task
static1
Behavioral task
behavioral1
Sample
DHL_January 2021 at 70M_9B7290_PDF.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
DHL_January 2021 at 70M_9B7290_PDF.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
DHL_January 2021 at 70M_9B7290_PDF.exe
Score 10/10
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-