General
Target: 2acd811e287386bea81c860f8a6447294ad9dfab57f9cc1027ece210a0c2b46e
Size: 873KB
Sample: 220521-a3t56abca4
MD5: b488338ccda886c86e877f43cfd63f49
SHA1: 1b5cbddd976789e69a61fea548e34e9fa328b2c8
SHA256: 2acd811e287386bea81c860f8a6447294ad9dfab57f9cc1027ece210a0c2b46e
SHA512: c829cc2274c915b1c4f1f9977c445ff8b7de0a4875ca1680e668f15dd707e3de654f5bd8e3d8e1b69c97e5e5e0c8f261beb7490c63d6345dcb0be12664f797b9
Static task: static1

Behavioral task: behavioral1
Sample: Letter of statement.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Letter of statement.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\781F780B4E\Log.txt
masslogger
Targets
Target: Letter of statement.exe
Size: 990KB
MD5: eebfc7dcf7359c43826c9b7fd7137472
SHA1: a8f0a53a6a3de13b36bafe845abe17c0bfd8ba91
SHA256: 3620092a3fe074a1adcf351ee1e91081b7227589993b148cd2acc18df351e9ea
SHA512: ba5d85d192c4648bb3dd143fde9b7ce796b53673bd63dfdfa67774a9305404d27a4e2d241064b7f098e2c310b2dbb612db67446c047aea0b7ea0b9bb6885f895
Score: 10/10
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext