General
-
Target
b78442ab204b03b70021c64336e5b1481ef2ecda74d6d6cead0af13fc1d9b44e
-
Size
1.0MB
-
Sample
220420-kwp8qsdhc9
-
MD5
8802b4bf7ac58aacf4e9c21e90b79df7
-
SHA1
d60038c985976958202eaa6326e222e418865863
-
SHA256
b78442ab204b03b70021c64336e5b1481ef2ecda74d6d6cead0af13fc1d9b44e
-
SHA512
89fcf9ab5af4401745d858dac2476d1ebff1e2a58cd6174ad3898054d96451991786763770020d25c79094447724f7d14ecd2ebaf4e7141bf8f50fa52f7f3f67
Static task
static1
Behavioral task
behavioral1
Sample
b78442ab204b03b70021c64336e5b1481ef2ecda74d6d6cead0af13fc1d9b44e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
b78442ab204b03b70021c64336e5b1481ef2ecda74d6d6cead0af13fc1d9b44e.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
b78442ab204b03b70021c64336e5b1481ef2ecda74d6d6cead0af13fc1d9b44e
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Looks for VirtualBox Guest Additions in registry
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-