General
-
Target
9fa6c69b85fdf73724e8c5415686271b4142a20a64aef1e6c8c31887aad91a77
-
Size
914KB
-
Sample
220329-1tk41afhgn
-
MD5
0f3c38dc04fae704e7835db67b86337b
-
SHA1
94d7e2aafda6a765e0114b795f22795e0ce2eb3f
-
SHA256
9fa6c69b85fdf73724e8c5415686271b4142a20a64aef1e6c8c31887aad91a77
-
SHA512
91aab1d38c5aaa4c107088a14ae8cd3632e67118c2dd59002757f040c858e32657c775ff5565117e0d19b63887e1b4d0ef89402abe627c033521341fc8b3e296
Static task
static1
Behavioral task
behavioral1
Sample
9fa6c69b85fdf73724e8c5415686271b4142a20a64aef1e6c8c31887aad91a77.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
9fa6c69b85fdf73724e8c5415686271b4142a20a64aef1e6c8c31887aad91a77.exe
Resource
win10v2004-20220310-en
Malware Config
Targets
-
-
Target
9fa6c69b85fdf73724e8c5415686271b4142a20a64aef1e6c8c31887aad91a77
-
Size
914KB
-
MD5
0f3c38dc04fae704e7835db67b86337b
-
SHA1
94d7e2aafda6a765e0114b795f22795e0ce2eb3f
-
SHA256
9fa6c69b85fdf73724e8c5415686271b4142a20a64aef1e6c8c31887aad91a77
-
SHA512
91aab1d38c5aaa4c107088a14ae8cd3632e67118c2dd59002757f040c858e32657c775ff5565117e0d19b63887e1b4d0ef89402abe627c033521341fc8b3e296
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-