General
-
Target
c688c2462c9b9e60d2f96d7b6e5d4d4c7b1f4d21f4eee54f9e8dd5285b9722e2
-
Size
759KB
-
Sample
220329-xrzb3aebcm
-
MD5
71bb0a60e9de1d8efa73d3632f0352ae
-
SHA1
c6a7ec2d34aa4ac3371ff40175cfd36048de50e1
-
SHA256
c688c2462c9b9e60d2f96d7b6e5d4d4c7b1f4d21f4eee54f9e8dd5285b9722e2
-
SHA512
84d166b386561519d9c6c0b6f9bfce1b657cb0a2fe6b7a3e2e2249a701483f2119eafb612b3b7abf8b4727568bea9fe9eff3db28fdf7994dd1766083089d065e
Static task
static1
Behavioral task
behavioral1
Sample
c688c2462c9b9e60d2f96d7b6e5d4d4c7b1f4d21f4eee54f9e8dd5285b9722e2.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
c688c2462c9b9e60d2f96d7b6e5d4d4c7b1f4d21f4eee54f9e8dd5285b9722e2.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-