General
-
Target
f0023bfb3e94279390869945db35e97d284a4cf1ead2c2484d13488bfa63ef30
-
Size
6.0MB
-
Sample
220329-xhe7tseaak
-
MD5
7cc8265de52ff104b9aafb8e7c16e7ad
-
SHA1
f7bd5fd4ec32752306f07776e5915654f2473354
-
SHA256
f0023bfb3e94279390869945db35e97d284a4cf1ead2c2484d13488bfa63ef30
-
SHA512
db1f592a03bbc26d101ad91f3e4d634a607e652b3bb1bbc47dcbe419ed80c1e8bb1d96de54592619a593610ab1b1f36953ad4ac0b56d76724fc6a657eacd59cf
Static task
static1
Behavioral task
behavioral1
Sample
f0023bfb3e94279390869945db35e97d284a4cf1ead2c2484d13488bfa63ef30.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
f0023bfb3e94279390869945db35e97d284a4cf1ead2c2484d13488bfa63ef30.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
MassLogger
MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.
-
MassLogger Main Payload
-
Modifies WinLogon for persistence
-
Turns off Windows Defender SpyNet reporting
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-