General
Target: 79b0c9d309debac7384a0d5a95839b42be00d66aa0e545cf84060f3c0c8af22b
Size: 807KB
Sample: 220520-2emjysfbh3
MD5: 8c847c72fe0cc8ebf7e0681cfc2c4773
SHA1: ca255b0496a7caa5ed405048987f10c5543c8fa7
SHA256: 79b0c9d309debac7384a0d5a95839b42be00d66aa0e545cf84060f3c0c8af22b
SHA512: 03aa0288fa14f7796b066c3b5e656380e9b097d52949b1735d1a6301cb4e4c4cbf9551fba6a77b456898f0525ef4a14407497f55388be3211c02df7486060ea2

Static task: static1

Behavioral task: behavioral1
Sample: RFQ_PCPSPIRSZ2020022.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: RFQ_PCPSPIRSZ2020022.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted
C:\Users\Admin\AppData\Local\3B8E3C2477\Log.txt
masslogger

Targets
Target: RFQ_PCPSPIRSZ2020022.exe
Size: 895KB
MD5: 78b61b1e9b375628d02bf7d289b1aeab
SHA1: f861925e28320134d0458100c9898d6fdd8c0154
SHA256: a551bc2327862c1430dac51dce368001622525fae235ca689f7b055e0d3125c7
SHA512: 05cd3aeefb9fee84c813af2951eccf2b5c2e1679a3fe892cdd9d6a37cc215064bde4e9a39f41c1afbba9e672020a1f7e5a7c25452f01ffe91ec54de48c2ef3cd

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext