General
Target: 71a808418f960c2f4027a2a749b13112e03c2caa9a6f9f46abf4b15e38453a07
Size: 1.4MB
Sample: 220329-wyvrsadfcm
MD5: 0986d0e410e1068661a6fee8b422ec1c
SHA1: 6feb281fd8bb4b764be34e624c4929241d6c20b0
SHA256: 71a808418f960c2f4027a2a749b13112e03c2caa9a6f9f46abf4b15e38453a07
SHA512: abd92cb69536557f969e1e3803c18dfcb5cddf78aa5b3c18f86dedd6d0514be8168440f13989a65a096191c9f8d43a8f784d8fbe1c07064222b22db2e0a40dcb
Static task: static1
Behavioral task: behavioral1
Sample: 71a808418f960c2f4027a2a749b13112e03c2caa9a6f9f46abf4b15e38453a07.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: 71a808418f960c2f4027a2a749b13112e03c2caa9a6f9f46abf4b15e38453a07.exe
Resource: win10v2004-20220310-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\23C2295DA4\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\5A22B5680F\Log.txt
masslogger
Targets
Target
71a808418f960c2f4027a2a749b13112e03c2caa9a6f9f46abf4b15e38453a07
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-