General
-
Target
afcf10e63edab00f0d543fc0bcec01ffea969babb753ce75ea875a6aa5eaf7a6
-
Size
822KB
-
Sample
220520-3zqb1scfem
-
MD5
b78fa59d1d505bb8e09c65d46eda9642
-
SHA1
0096618783f00cf3640c509e79dbb86d26c866ed
-
SHA256
afcf10e63edab00f0d543fc0bcec01ffea969babb753ce75ea875a6aa5eaf7a6
-
SHA512
135ddc3c18a87cd7bc16bb1ebfceb82d476ad0cb6abe4448d93d35110d5e175facdd5781edd65a1e9d15e6f5b0c68b04fef6e53d0f8ca298a5c3f227927c2bb7
Static task
static1
Behavioral task
behavioral1
Sample
paymet swift.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
paymet swift.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\8506BBE7FF\Log.txt
masslogger
Targets
-
-
Target
paymet swift.exe
-
Size
1.1MB
-
MD5
c3d8e5019f423a7c1ea2666ca16287c6
-
SHA1
35e02cc1c9e04f08e6f456c10705fd07f8289b49
-
SHA256
be5577611493fb291815b0a9ed2a682b283febf79ee5ab2e647087494dd3a9c4
-
SHA512
7b88728bddc5e404e465b7806e1f3c8277f9bbbe17993418cda1605196afc98c960324edb0a0179059b7e9518a01716f29c4905c2c0310c4dc9251a710a7944b
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-