General
-
Target
a798c34d4e626423e9cedf58ba8f612a9d8f1ecfa194ca58717be59f09b19c1c
-
Size
1003KB
-
Sample
220520-2bnylsabek
-
MD5
10d718128efbf092704ab97cff902666
-
SHA1
ce35f8e7ee57764839730effc203646268e005d8
-
SHA256
a798c34d4e626423e9cedf58ba8f612a9d8f1ecfa194ca58717be59f09b19c1c
-
SHA512
f5e538c9f7dbe7030cf8d5d457afea3e78605397fa6fd748575642cd479861d00842c326bd8e38f04a4acf749362d60f9a9bcba00375572b58d11c4083bbad18
Static task
static1
Behavioral task
behavioral1
Sample
supply of piping fittings oil and marine equipments.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
supply of piping fittings oil and marine equipments.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\8506BBE7FF\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\0F48153F20\Log.txt
masslogger
Targets
-
Target
supply of piping fittings oil and marine equipments.exe
-
Size
1.1MB
-
MD5
71114597292cbbeef69227d51f1dec32
-
SHA1
39f9a184770fb6050aa761dbed9896e567d053b2
-
SHA256
2a1b3187f7000dfb10dff758fe598e73e58d6864c5a4579e7c35acd88314ca20
-
SHA512
fd2ec57ae4f670feccf3f34828169be90536922d1ef89227e580e665352a88fb02aee87c921fe95085709348ac2145354c7b6440a08832ff525d0b9a1bb7edb2
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-