General
-
Target
70b7e90d998239e628bb364f5d9d625d53a82318103b3da59810af74681f277c
-
Size
2.8MB
-
Sample
220520-qnslsadfh3
-
MD5
12f1a1ccaffeb9eed4955c2abd7c9d7e
-
SHA1
79966154677508805f09254b7cb2403861ffb6c7
-
SHA256
70b7e90d998239e628bb364f5d9d625d53a82318103b3da59810af74681f277c
-
SHA512
c22f28b7f74dcc3b791c82ce1134c354273af2fd2be65ad782d0cd4b7279a5efd708d3a6052468498afd20de9884b3a521c5b25b37c1c8d47c9529873cacef97
Malware Config
Extracted
Protocol: smtp- Host:
webmail.argo.com.br - Port:
587 - Username:
[email protected] - Password:
argo2019xa
Targets
-
-
Target
Urgent request for Quotation.exe
-
Size
3.3MB
-
MD5
62a7d430071026ab9826285d60354082
-
SHA1
fc028f6a25a1acd1f0741669bd257fa65aa87cdb
-
SHA256
d149c44a5c8f9d0589498409795b1e37bc9caf8bd3a41b50b0ab97a80ba096b7
-
SHA512
8611907c264600b72d2f517b396006d99869be932e3303af4aaa45e3e580348bbc6778baadfea2f3729dd0d5690a74988f5bac840f1f502b1cb801a6c8ab7f88
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops startup file
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-