General
-
Target
3160373c517409c5ffe486b451db20e19751d16a6f414976fcfc90d7b555b751
-
Size
801KB
-
Sample
220417-jg31lsbahr
-
MD5
6e35405fc20287198df423dd9f5ec3a9
-
SHA1
66ccf52c2a20fa535883490cf5acc526e41d8a96
-
SHA256
3160373c517409c5ffe486b451db20e19751d16a6f414976fcfc90d7b555b751
-
SHA512
27f0d40108268c2aa7bc711dd4f9caa71a2cfbd942b7fbf61428ac54a17e5a253e15d3c82eacc0def124e8242a3d599f39efac1da480fd277cdf7271487db484
Malware Config
Targets
-
-
Target
3160373c517409c5ffe486b451db20e19751d16a6f414976fcfc90d7b555b751
-
Size
801KB
-
MD5
6e35405fc20287198df423dd9f5ec3a9
-
SHA1
66ccf52c2a20fa535883490cf5acc526e41d8a96
-
SHA256
3160373c517409c5ffe486b451db20e19751d16a6f414976fcfc90d7b555b751
-
SHA512
27f0d40108268c2aa7bc711dd4f9caa71a2cfbd942b7fbf61428ac54a17e5a253e15d3c82eacc0def124e8242a3d599f39efac1da480fd277cdf7271487db484
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-