General
-
Target
95194602842b66bfa515dc2b260b09e45b7024334d5a07bd4ffeb3079d4e6348
-
Size
767KB
-
Sample
220520-rvwsfsbden
-
MD5
08bba702616f5f4dfcf269a88ba74634
-
SHA1
138e879d59bbb432971040776a603d720a6595d8
-
SHA256
95194602842b66bfa515dc2b260b09e45b7024334d5a07bd4ffeb3079d4e6348
-
SHA512
ace5354bb50194ec87310252420f626db3aebdf02f1e2b1b9f1e905139390f81e6ab23b748fe5520f99addb4d346453abcc9bd755dd260ef6d6fd26a562c1fea
Static task
static1
Behavioral task
behavioral1
Sample
sososos.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sososos.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\8506BBE7FF\Log.txt
masslogger
Extracted
Protocol: smtp
Host: mail.difmobilya.com
Port: 587
Username: [email protected]
Password: dif7477371
Targets
-
Target
sososos.exe
-
Size
1.1MB
-
MD5
4274297082755d98b9d07fad46dd9f33
-
SHA1
28a1a56d03bba60df0da5151c854759b477c40ad
-
SHA256
6cf454ec0892e0367356ae674e93612f1c23d9c99874d8ff7de7d77055cbf9c6
-
SHA512
f227836df848cfcf5da9de949a5f9986ddecd843a5484b9eab868d57357248541dc9307e9e4c057d0a2fd85166a1026a45f4e31b7ffbdaa6cc9aa84a9387d26a
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-