General
Target: 2b50bd046daa41ac72285ed05506be51f8982c3eb6ce8ac74b3a1958fe3667fa
Size: 940KB
Sample: 220521-a3n9xabbh9
MD5: afe38d00aaa9747fa5314098308990e1
SHA1: 2e8f8f0c92fec5f5c1cd3b17d3b606dadee7b1a4
SHA256: 2b50bd046daa41ac72285ed05506be51f8982c3eb6ce8ac74b3a1958fe3667fa
SHA512: cf6d67209205055dea9d51cf606892a5e735efb29e0110858a8885bda3a9e8277fdfbdc374ab921c1d26f2a01f34ab82000bb505bef875777b40acbdda91cd33
Static task: static1
Behavioral task: behavioral1
Sample: Document#0193832.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Document#0193832.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\3B8E3C2477\Log.txt
masslogger
Extracted
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: Tomorrow@1234#
Extracted
C:\Users\Admin\AppData\Local\0F48153F20\Log.txt
masslogger
Targets
Target: Document#0193832.exe
Size: 1.1MB
MD5: 97edaeff8f726e10d554f8f8f5aad7ae
SHA1: 01da166b48252cfb52ad7b42730ec994f07c7db2
SHA256: bcd7372fd84fe78e97a72a842df6cab2a5d7a47909a3fd05b13f6f4990de8a7f
SHA512: 99ca75b3989909eb66f2c7cd282db81c2c952fbf637287c6157df923335f5f9bd63b9d5b91b0ec7de06d68391903f716f5ab6ce67f2f3230a3e8c25b44aa5f16
Score: 10/10
- MassLogger: Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger log file: Detects a log file produced by MassLogger.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext