General
-
Target
63fba1f5865021524422da5131c7d8509ecfeee6358a87e90c77b9ce202de498
-
Size
773KB
-
Sample
220520-2ge8nafce8
-
MD5
9556e1b048e8e48db5c8cf801a12fc63
-
SHA1
00e35e3bf5f00ea9275cc3c377c0134e166518bf
-
SHA256
63fba1f5865021524422da5131c7d8509ecfeee6358a87e90c77b9ce202de498
-
SHA512
ded0b0e40c3bd1762ec27f19c65d86156a89be71471bdd49ace2bc6f8fa651652d26be1e296dda946624f1895e74f12740470ab19b970b0a7fe20f6c003de6a5
Static task
static1
Behavioral task
behavioral1
Sample
air way bill.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
air way bill.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt
masslogger
Targets
-
-
Target
air way bill.exe
-
Size
861KB
-
MD5
c9e0dc9c74c3782c0319ed1ce090287d
-
SHA1
9fabc323f888b25b7005d2f793ac941c9091f0f3
-
SHA256
b2169a0b14394b89cad7d3d4092b1a3e940c4504f9e7d982ebbcfd0b8c603530
-
SHA512
8d13fa2d64d7a5fcb6e57ec014b18e469092ab122a6850dffbe37afc7d752f5c80a50b4cfa171194cf1e96614c0c9c3de50978c9a26f50805b5a016c436180d5
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-