General
-
Target
bcb30c2233345ccc3769c21dbfdecb20ec43339517204720f310ccfec29fe49a
-
Size
1.6MB
-
Sample
220520-3w5brscecp
-
MD5
3a9069909a170e2a6f90296392facbc0
-
SHA1
a495b38e28479bebfafe029384aebf62e9e5f04a
-
SHA256
bcb30c2233345ccc3769c21dbfdecb20ec43339517204720f310ccfec29fe49a
-
SHA512
cd9d1ae2f40c5383cb2c2c25a23c39aa2984ea77f64fcdce43ea022d89e095393ab917925448f46bbf6548c220dd65ea99795ea738d980e5a578fffde4b67e5c
Static task
static1
Behavioral task
behavioral1
Sample
AUG10TH_.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
AUG10TH_.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
AUG10TH_.EXE
-
Size
1.1MB
-
MD5
9d1676055eebd75eb7abd7a09528776f
-
SHA1
da284df615ccefcf583175ec88ea887fc1d769b2
-
SHA256
b045f558a43c37201a204a240bd09b7da12735958ad5c8d317feff0044d132c4
-
SHA512
74197863ee985f7e974d794f3038dfe8bb4e1973107e424a06ed801c63b32a4e1fd2dd9be172343b8040bb663eaf5cb04a1b6659fa36b734d07a2e30547fb8fc
Score 10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-