General
Target
c2bc8267e688046e6098da9f7d8621f98dccc412ac5b0c15abd60c83af0c3fe3
Size
746KB
Sample
220521-a778ksbdh5
MD5
428b9ff9528a63ad66e87aa3b84c5749
SHA1
2d6e6bdb382d25560a6d77519fd2c358f8c373f8
SHA256
c2bc8267e688046e6098da9f7d8621f98dccc412ac5b0c15abd60c83af0c3fe3
SHA512
837208ff566d83ef8b08bb97aa2df28231f7aacee862db6e97200fe9fd0c1d6f8e7950637fb48f42460b63500ec84bd9124907b63e40a6203565ff16cc3ac358
Static task
static1
Behavioral task
behavioral1
Sample
Halkbank_Ekstre_20200521_080918_33046.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Halkbank_Ekstre_20200521_080918_33046.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Dmacdavid
Extracted
C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt
masslogger
Targets
Target
Halkbank_Ekstre_20200521_080918_33046.exe
Size
843KB
MD5
6f7418933a75224a3502a87f3f4d7310
SHA1
c14fa0f144bd2bab22c5514df8aab8b69f827f38
SHA256
06c6a06e460067910ca80f6a1bc57555aebb58a7c89ab1be632a72f6c1921a10
SHA512
5a84325fa783746730caf8359fa63b1320fb775c8fd9273188bf6ddf7683758cb8a61d1900b64d5bc512c102546137e2580eeae9d6a2dbc0e08ca65caa495664
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Accesses Microsoft Outlook profiles

Adds Run key to start application

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext