General
-
Target
390c9d6078fafa5ac180640a91624c97bd890df83bd28935ed88da1c6d8f06f0
-
Size
929KB
-
Sample
220320-enrtpsgggn
-
MD5
a2653b287dfa62a796468f3b4448ec4a
-
SHA1
1991833faa3d891eada93247a1f71d807e09c4ee
-
SHA256
390c9d6078fafa5ac180640a91624c97bd890df83bd28935ed88da1c6d8f06f0
-
SHA512
3d4a226fba14ee9dfd4dd4b87ea497f89c52a6b626829ecd753175ca000c4901516ceaa93e0b96fd3ca5092bda296c596ed7ca25d696d31070cd8914b73da48e
Static task
static1
Behavioral task
behavioral1
Sample
390c9d6078fafa5ac180640a91624c97bd890df83bd28935ed88da1c6d8f06f0.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
390c9d6078fafa5ac180640a91624c97bd890df83bd28935ed88da1c6d8f06f0.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp- Host:
mail.karpen.com.tr - Port:
587 - Username:
[email protected] - Password:
M9%63P_G
Targets
-
-
Target
390c9d6078fafa5ac180640a91624c97bd890df83bd28935ed88da1c6d8f06f0
-
Size
929KB
-
MD5
a2653b287dfa62a796468f3b4448ec4a
-
SHA1
1991833faa3d891eada93247a1f71d807e09c4ee
-
SHA256
390c9d6078fafa5ac180640a91624c97bd890df83bd28935ed88da1c6d8f06f0
-
SHA512
3d4a226fba14ee9dfd4dd4b87ea497f89c52a6b626829ecd753175ca000c4901516ceaa93e0b96fd3ca5092bda296c596ed7ca25d696d31070cd8914b73da48e
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-