General
Target: 2de28a8bb0865b0d378c409279bc68671b2f8ca916a6fa54a1488542810cc0c1
Size: 1002KB
Sample: 220320-bbqjbsdfcn
MD5: a8eb54cfdbabd3b91b313fe353191074
SHA1: 781a8e755076313748e8317ecf4e0c0a050da642
SHA256: 2de28a8bb0865b0d378c409279bc68671b2f8ca916a6fa54a1488542810cc0c1
SHA512: 4c807116a25467760c0ba42c65bfb1c563e07027ab7b777b8f5de3a17d45c66e3c4df61d9bb73699d1b84a0c6ee47e441a74b25a69ddff7061261a1e943cfc94
Static task: static1
Behavioral task: behavioral1
Sample: 2de28a8bb0865b0d378c409279bc68671b2f8ca916a6fa54a1488542810cc0c1.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: 2de28a8bb0865b0d378c409279bc68671b2f8ca916a6fa54a1488542810cc0c1.exe
Resource: win10v2004-20220310-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: ayocj@2021
Targets
Target: 2de28a8bb0865b0d378c409279bc68671b2f8ca916a6fa54a1488542810cc0c1
Score: 10/10
- MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger Main Payload
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext