General
-
Target
7f8b560226f2635ccd84bd498b4c73b0c573e4c78b4b463c523807ebf4867ce3
-
Size
757KB
-
Sample
220329-xsf7waebdj
-
MD5
f51fbd759104b8425a569cf718a949ec
-
SHA1
c9105a4e8a0805576815498b6af0f9b1b6987c88
-
SHA256
7f8b560226f2635ccd84bd498b4c73b0c573e4c78b4b463c523807ebf4867ce3
-
SHA512
fe44c406540cb71e239e96401f3f6b1da1e10297f8e36676276668bcff1eefc4d3ae832fe83bcf8e654e318c9cf4d72b556bd5c50b02dd5c6fa82f750e40307f
Static task
static1
Behavioral task
behavioral1
Sample
7f8b560226f2635ccd84bd498b4c73b0c573e4c78b4b463c523807ebf4867ce3.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
7f8b560226f2635ccd84bd498b4c73b0c573e4c78b4b463c523807ebf4867ce3.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
7f8b560226f2635ccd84bd498b4c73b0c573e4c78b4b463c523807ebf4867ce3
-
Size
757KB
-
MD5
f51fbd759104b8425a569cf718a949ec
-
SHA1
c9105a4e8a0805576815498b6af0f9b1b6987c88
-
SHA256
7f8b560226f2635ccd84bd498b4c73b0c573e4c78b4b463c523807ebf4867ce3
-
SHA512
fe44c406540cb71e239e96401f3f6b1da1e10297f8e36676276668bcff1eefc4d3ae832fe83bcf8e654e318c9cf4d72b556bd5c50b02dd5c6fa82f750e40307f
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-