General
Target: fef0548b857ed86dd3094a7d4f29129bbe20c4a8a68f4af112330ddab4d6e744
Size: 929KB
Sample: 220324-yhqh8sdfb5
MD5: 3a82674a82c6821e9983caba6eff0898
SHA1: 880893a2eea75aa04fa20c8a19a0fd214ed789cb
SHA256: fef0548b857ed86dd3094a7d4f29129bbe20c4a8a68f4af112330ddab4d6e744
SHA512: 0c650837bf2e97c3146e2aabac891be25fc7f5b9fcdfb2b7f0cd9168ef178fffbdd6b07ca54a617ffa0dd2d6d04ae11bb5e5243e6c81d5cc3cb5ff6ab95a0050
Static task: static1
Behavioral task: behavioral1
Sample: fef0548b857ed86dd3094a7d4f29129bbe20c4a8a68f4af112330ddab4d6e744.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: fef0548b857ed86dd3094a7d4f29129bbe20c4a8a68f4af112330ddab4d6e744.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: ayocj@2021
Targets
Target: fef0548b857ed86dd3094a7d4f29129bbe20c4a8a68f4af112330ddab4d6e744
Score: 10/10
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext