General
-
Target
e4ef7fd36fe35a933c6ac97a274a0598a78cfb4f5144525c0ad25d5b55f1a3a4
-
Size
804KB
-
Sample
220330-c75hssehh5
-
MD5
277d2552513e4d0d0b60ee61d55f0e37
-
SHA1
9c556c184ea92857197a3934b894660e3416b30e
-
SHA256
e4ef7fd36fe35a933c6ac97a274a0598a78cfb4f5144525c0ad25d5b55f1a3a4
-
SHA512
fa76bd9b0c1e477d3dd8ad78e38cb9efc5088bc83e2eb54812062cdbd1191700634cb3443b704de3aecec6fcf714840473d7eeda3f3cf5a7a606637b0aab4b82
Malware Config
Targets
-
-
Target
e4ef7fd36fe35a933c6ac97a274a0598a78cfb4f5144525c0ad25d5b55f1a3a4
-
Size
804KB
-
MD5
277d2552513e4d0d0b60ee61d55f0e37
-
SHA1
9c556c184ea92857197a3934b894660e3416b30e
-
SHA256
e4ef7fd36fe35a933c6ac97a274a0598a78cfb4f5144525c0ad25d5b55f1a3a4
-
SHA512
fa76bd9b0c1e477d3dd8ad78e38cb9efc5088bc83e2eb54812062cdbd1191700634cb3443b704de3aecec6fcf714840473d7eeda3f3cf5a7a606637b0aab4b82
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-