General
Target: bb56979fa2622c499b6de2dbee183d7f4a432a1f31cf149b07abcb32cfe1a862
Size: 978KB
Sample: 220320-a4j2ksdda6
MD5: aa1aa2d0307474108a549350c03ec3d5
SHA1: b86a42187c3232317f6caf43b10b77fdceaea89e
SHA256: bb56979fa2622c499b6de2dbee183d7f4a432a1f31cf149b07abcb32cfe1a862
SHA512: 3d19b96bfb25952c0d4eb86a5bbc5649f696fa7ab2701bdbfa08ad430cdda70232275a697f5a73bca7e6c2f7e37a5f0fb2522683c755ea04f0d46d89556d9ab0
Static task: static1
Behavioral task: behavioral1
Sample: bb56979fa2622c499b6de2dbee183d7f4a432a1f31cf149b07abcb32cfe1a862.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: bb56979fa2622c499b6de2dbee183d7f4a432a1f31cf149b07abcb32cfe1a862.exe
Resource: win10v2004-20220310-en
Malware Config
Extracted
Protocol: smtp
Host: mail.accent.in
Port: 587
Username: [email protected]
Password: sp@123456
Targets
Target: bb56979fa2622c499b6de2dbee183d7f4a432a1f31cf149b07abcb32cfe1a862
Score: 10/10
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext