General
-
Target
e2b3c13bf7b857328d2e96aec3f805d888c0acd1464be9db317466965840d099
-
Size
818KB
-
Sample
220520-rtvh1agdd7
-
MD5
fc718147d92824fe64074c0415523a93
-
SHA1
bd31ea898cac86e4ac27c7b9c09504073a18321e
-
SHA256
e2b3c13bf7b857328d2e96aec3f805d888c0acd1464be9db317466965840d099
-
SHA512
bebfa468e7228473140b0291681fadd7de616147f55ad2e619b1e46c7c472f37c65caf149de1b61e69b36917774afae45acf30a339f6ba14c4ac4b5e9f58ba78
Static task
static1
Behavioral task
behavioral1
Sample
MV-587625463249.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
MV-587625463249.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\8506BBE7FF\Log.txt
masslogger
Targets
-
-
Target
MV-587625463249.exe
-
Size
1.1MB
-
MD5
9d2c7ffb0191187ba29fa9103b854a05
-
SHA1
65a8fd9e33af2a1c9aa337ff9929983e916547ec
-
SHA256
067a20f61fe8c8b7dcba4dbfb0b48dbbba66d76db7fbdb6a33290dc58aed9ab5
-
SHA512
cab7e4ace552a0ed1590f28ffd8578041a57dbcb0632e356dede3d1e77b40e787160c1398be9f4348329f161b4a65e534ab12a6e9d2993d2b1f673a33d880607
Score 10/10
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-