General
-
Target
354852369f73c1ea5373b80d41dcea51da050314e4166f6db31d77708181630d
-
Size
1.1MB
-
Sample
220420-e1257sfehj
-
MD5
0030b152a3b0a429ea3389f6b739c2a0
-
SHA1
46452a95e92729737ec83db171ac45f68380678d
-
SHA256
354852369f73c1ea5373b80d41dcea51da050314e4166f6db31d77708181630d
-
SHA512
e57e7c31cba09c52c502fec24a5c21db34cd8471b471c6e6f50104bba5e25e0326cf4868bc63150ead362f9670405f25b557274b3bbd5df1e85a88c4980c74ea
Static task
static1
Behavioral task
behavioral1
Sample
354852369f73c1ea5373b80d41dcea51da050314e4166f6db31d77708181630d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
354852369f73c1ea5373b80d41dcea51da050314e4166f6db31d77708181630d.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-