General
-
Target
23d8d2ec5c74306a2a81f56ef2f5567e20426249cd3228cb5d57f6a353fcc998
-
Size
1.2MB
-
Sample
220325-hv9vmsfhcr
-
MD5
ad610eb3869add43809e66ac3bba7ea2
-
SHA1
9151b1c48efd4d6fd4f761cdfc7cdb09ebd99438
-
SHA256
23d8d2ec5c74306a2a81f56ef2f5567e20426249cd3228cb5d57f6a353fcc998
-
SHA512
f7c9ac07fafb5090720a260ec9e4b559a6c2dc725aa013a8e9fbe0035701b7d1b6739597c46d44bc6d7a8546c2a8ed6d7b912c130d1630e1cf179f4ac3d2946b
Static task
static1
Behavioral task
behavioral1
Sample
23d8d2ec5c74306a2a81f56ef2f5567e20426249cd3228cb5d57f6a353fcc998.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
23d8d2ec5c74306a2a81f56ef2f5567e20426249cd3228cb5d57f6a353fcc998.exe
Resource
win10v2004-20220310-en
Malware Config
Extracted
Protocol: smtp
Host: bh-58.webhostbox.net
Port: 587
Username: [email protected]
Password: 7213575aceACE@#
Targets
-
-
Target
23d8d2ec5c74306a2a81f56ef2f5567e20426249cd3228cb5d57f6a353fcc998
-
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-