General
Target: b15e49bdc9f192408bda7baa959949a62285764a42ebf6fe6cd2ac8e5ed3ec66
Size: 1.5MB
Sample: 220324-2f9e4scacj
MD5: 7368e193487ba5df857bde3eed09c9e6
SHA1: 04c6f6284b3f076053ced3391d5c7734d1598fbf
SHA256: b15e49bdc9f192408bda7baa959949a62285764a42ebf6fe6cd2ac8e5ed3ec66
SHA512: 492168c0ae4b952394f46f66d7de4fc9fc93cd63b2317fd6d9530ad29f451c5e3138d39ece7241fad67e4c175e60991c4401d8168c4731c5ca2c9be85c4ecc59
Static task: static1
Behavioral task: behavioral1
Sample: EU Business Register.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: EU Business Register.exe
Resource: win10v2004-20220310-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\23C2295DA4\Log.txt
masslogger
Extracted
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: Dmacdavid
Extracted
C:\Users\Admin\AppData\Local\Temp\20611F0545\Log.txt
masslogger
Targets
Target: EU Business Register.exe
Size: 1.9MB
MD5: ada080e31c56a4d65a2e426890504121
SHA1: 6d0878ae4973f39cf0e61b6f5ddd662866435ae7
SHA256: 22d10edc3d0457dd81ee6cd9353e76b3208f8a549c290b80dea1efbbbe120c0b
SHA512: 4a31546103f75b54e1b33fd7dbc95ebd5573ee74b53dc45edf86de527fd6a89a560fde82dfa217956788b0bd9cd5415d80d349de016d86b9dad58d519a42c54f
Score: 10/10

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext