General
-
Target
fc838efc10c0a6b53ad9ad166e47b161d9682e0a339ffd62e2bef7e4d3313050
-
Size
821KB
-
Sample
220520-3hh7daghe8
-
MD5
aad33677f99bd1a842eedee6e25b4012
-
SHA1
58ada8728374ff6cebff05a6c188b929df8febe8
-
SHA256
fc838efc10c0a6b53ad9ad166e47b161d9682e0a339ffd62e2bef7e4d3313050
-
SHA512
f036ef17bbdcfe5a3af0bfa25286b539f012fb6966bb2c5a5b477de1d365313b879e0bf2c85e0b9489e451a2549472dea4448e0807f5696d9840243c460d4a04
Static task
static1
Behavioral task
behavioral1
Sample
PO38562110.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO38562110.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\0F48153F20\Log.txt
masslogger
Targets
-
-
Target
PO38562110.exe
-
Size
936KB
-
MD5
bbb0b33663055f506d0dc4fa382b6ef6
-
SHA1
c97788c492ebd0f959f069ab5b6d341fb2fbcaa1
-
SHA256
6077a9d47232d6bb6425891c5c71096e21e4f961fa4b882004c4574a23321ab9
-
SHA512
d4adf010dd558fb0f6a70b09c675c636dbe70be04e1495dfd7b113b0975141e0e891c1723837c1bae114a327cc056718934196b6ea9843839c23f16f78a144b6
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-