General
-
Target
465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8
-
Size
1.3MB
-
Sample
220516-xgbs1scab7
-
MD5
a2a448cbb79929843341c4431d2ef420
-
SHA1
6f3d0c052c8d9844e59a9ee0a1efa35a41b77f64
-
SHA256
465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8
-
SHA512
34778a4df8323a8627d4d658c5778005c09dc6b4ba1d39aea57f292a1eee2c14870e64d4fe13b449f33db63db27e0acb7be2289857f5a02eaec95998b37858dd
Malware Config
Targets
-
-
Target
465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8
-
Size
1.3MB
-
MD5
a2a448cbb79929843341c4431d2ef420
-
SHA1
6f3d0c052c8d9844e59a9ee0a1efa35a41b77f64
-
SHA256
465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8
-
SHA512
34778a4df8323a8627d4d658c5778005c09dc6b4ba1d39aea57f292a1eee2c14870e64d4fe13b449f33db63db27e0acb7be2289857f5a02eaec95998b37858dd
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-