General
Target: 2cd2395322ceb66f04741314be8723d98810145e80e9a6a619eba94590cb8fc1
Size: 740KB
Sample: 220521-a3bzksbbg9
MD5: eb8322178582aae3d19e76a52e333bd0
SHA1: 77ccf5786aed7576e9f486c2eb614bd218f7a512
SHA256: 2cd2395322ceb66f04741314be8723d98810145e80e9a6a619eba94590cb8fc1
SHA512: 6c9081db2327d8027a42117d62ba1c93ba01dd7c5bcef676ecb3573d980e405c6406c6364fceef44f6ce5c5c277810caf06ad86f493e8b2702418fe9d6112401
Static task: static1
Behavioral task: behavioral1
Sample: PO46221905.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO46221905.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\8506BBE7FF\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\F95B724EDE\Log.txt
masslogger
Targets
Target: PO46221905.exe
Size: 841KB
MD5: 6de2607d6b582340ac160517edd8feb9
SHA1: ae820bd10915292a37a5d927147138c4a92e7a8b
SHA256: 0ce85115b26d769cc29342f77c359fc2177d325e5394154fdc700ea644f69971
SHA512: cd8997e25192e83d4d815066355933d4c31df96e47f3214b620e9d9ddb5aee7e132e101473e7d1b2eda83831f5c1f0ed0392d8e79455cf08022cbf55660c8126
Score: 10/10
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

MassLogger log file
Detects a log file produced by MassLogger.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext