General
-
Target
c25a07e2624f849e3b1db404fced1d44e2b597ea7967f4c422d4b97e5564f9e4
-
Size
805KB
-
Sample
220330-c849esfaa9
-
MD5
56e7aca17b3ac392edd902fbebdfcb5d
-
SHA1
3db34861004bbcdf8b387705ad00b5fcc0db328e
-
SHA256
c25a07e2624f849e3b1db404fced1d44e2b597ea7967f4c422d4b97e5564f9e4
-
SHA512
bbc6b950ec838e633f977e4c85f477ea0724dde32e33cb1b04e8f3821bdc6699c03139868a9e2f7e4a4343cf60c9179e90b7a3042533374d0eb9dadcdcd0792e
Static task
static1
Behavioral task
behavioral1
Sample
c25a07e2624f849e3b1db404fced1d44e2b597ea7967f4c422d4b97e5564f9e4.exe
Resource
win7-20220331-en
Behavioral task
behavioral2
Sample
c25a07e2624f849e3b1db404fced1d44e2b597ea7967f4c422d4b97e5564f9e4.exe
Resource
win10v2004-20220331-en
Malware Config
Targets
Target
c25a07e2624f849e3b1db404fced1d44e2b597ea7967f4c422d4b97e5564f9e4
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-