General
-
Target
5dbfd4aa7cb80df7ed65e8f9f0acb5472d6c5733050869aa2d906410cd8e26a0
-
Size
5.9MB
-
Sample
220319-s2c5csche3
-
MD5
5d57f6237b49ba2e2d65dbf436177e06
-
SHA1
62d43dbeabfef6727bdf86ce7021ea0eaf79ee23
-
SHA256
5dbfd4aa7cb80df7ed65e8f9f0acb5472d6c5733050869aa2d906410cd8e26a0
-
SHA512
0dd0c60bd5128167c508399e079d0bf253935ac6d8a39fdf8a6ed7e984c3302d8b4abc07ecb043b65597fd5449927705d15bb11176f4ce86772caad70d76fcbe
Static task
static1
Behavioral task
behavioral1
Sample
5dbfd4aa7cb80df7ed65e8f9f0acb5472d6c5733050869aa2d906410cd8e26a0.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
5dbfd4aa7cb80df7ed65e8f9f0acb5472d6c5733050869aa2d906410cd8e26a0.exe
Resource
win10v2004-20220310-en
Malware Config
Targets
-
-
Target
5dbfd4aa7cb80df7ed65e8f9f0acb5472d6c5733050869aa2d906410cd8e26a0
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-