General
Target: 487966ac27957cffaab676f739a0928f87a9dab944c275cad3550d3760b42ae2
Size: 746KB
Sample: 220521-a8f6gsbea3
MD5: 1e57d49e066643e833ca5aa01c1afdf6
SHA1: bc55924b3584a7e34e955b9d710f465b4df00297
SHA256: 487966ac27957cffaab676f739a0928f87a9dab944c275cad3550d3760b42ae2
SHA512: 6a9ddf8a0c81e5c07789015d3512407be028371fdf0ef6547f7bf5cf1ea2a304c5d098842c0e7d5a8230257f26fb6629466aa7d8a7903177406a83ff1c743159
Static task: static1
Behavioral task: behavioral1
Sample: Invio Estratto.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Invio Estratto.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\2EF8342664\Log.txt
masslogger
Extracted
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: Dmacdavid
Targets
Target: Invio Estratto.exe
Size: 843KB
MD5: 41eeb21fde2e0191d466f6ac5f75b4b3
SHA1: 56b7e0e9918c0d12bc21c255bdba57e8fe7ae18c
SHA256: 0bf96baeec569010dc7acb82cd5f2bb7feacd9c5411dcd6d8fd53c9b316344ce
SHA512: acb80e610ba546ed844c79c584b65a73c2aa4510d937f1591274ff711d7737bda53c7c6f050d67499e0f872bddd7a8500f52b098240d80b4f0b78624031571d5
Score: 10/10
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-