General
-
Target
b9592b631258c5fde86c22eb289097d7dc26bd33156f69cb16077d34d532edf4
-
Size
862KB
-
Sample
220520-2aadtsaahj
-
MD5
757bf37ff10b19b762df32ece0bcdc62
-
SHA1
7704c806e2efe040a01a6e85aebf928a2d232f14
-
SHA256
b9592b631258c5fde86c22eb289097d7dc26bd33156f69cb16077d34d532edf4
-
SHA512
927641644be1487d2092d45b8dfecf33d5c551c599185c7cdbddba1caa682b319dde0446e906c489aa596e7b629ab5e9883f33bbbfd8561271afb67cde7ae966
Static task
static1
Behavioral task
behavioral1
Sample
Halkbank,pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Halkbank,pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
Halkbank,pdf.exe
-
Size
893KB
-
MD5
a7624902cc07011b5dadbcdd8267c9dc
-
SHA1
7d983b597b535d60123a773a1c40fcc14e0500b7
-
SHA256
c0cb41070b74fa0e592f10c6d5312e55009f1cc884bd1c242591bc75c5f9e5eb
-
SHA512
64487fd6dd327d119fe52a79bd3b2ad602a2a5be418ae97bba71642e03f9e46347ef140c70826a2fbafca570817e798c2d76e93139f98f43c14a6f7208a3ebe9
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-