General
Target: a961209c263c9a7f182b5e1085d467757df148a1fdf657f1896c3a2fc6000a75
Size: 814KB
Sample: 220520-2bepyaabdk
MD5: 41a24747316d37115167e9b80d39b02d
SHA1: 6e8c6b44bb7208b56a81ad03a9aa5311659fde70
SHA256: a961209c263c9a7f182b5e1085d467757df148a1fdf657f1896c3a2fc6000a75
SHA512: 9eaf478f1205928493ea09d426644aec3ad0c38b5c56a6f8fd5ac976536a0916ddb5dabff684192e7036bb16fbf337b2b0b2e95478570daf51dc99072c637f2c
Static task: static1
Behavioral task: behavioral1
Sample: CBT7797.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: CBT7797.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\8236ADF044\Log.txt
masslogger
Extracted
Protocol: smtp - Host: smtp.gmail.com - Port: 587 - Username: [email protected] - Password: masslog1960
Targets
Target: CBT7797.exe
Size: 916KB
MD5: 582427037eed9808e9da752bea838469
SHA1: f3c53079cd585acc4d7081db69dd4fdce5e2b427
SHA256: e248fe5665f284ecbc2f4960e94ad2850f4564ce54339f9eff397ac354fa6619
SHA512: 083fea3a851d95ebdd4e146324a6d4ba9d8ff0b7cf0647b31816d2ec8998589819447d5d02f2031b0d640b09fcc7337f33b0dea94cc64db423913855b3ff97aa
Score: 10/10
- MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger log file: Detects a log file produced by MassLogger.
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext