General
- Target: 8b3efee83e420509df329db90bf2e024655797605887c605f2553b3e8d4c82cf
- Size: 845KB
- Sample: 220521-a8q1pabea8
- MD5: 7b372f3d021b452c648229ba49e203fd
- SHA1: af8c6d46019981d4fc4ef994a1a3fcabf0bc4cb3
- SHA256: 8b3efee83e420509df329db90bf2e024655797605887c605f2553b3e8d4c82cf
- SHA512: 2b77809d591a234544a806bcd0c52817adebc08101a74e390f3fc3bc4c634548930d0d04197cf8e8bf11acb57a6d12ffdeef7e401101732c2064fb93462fc60d
Static task
static1
Behavioral task
behavioral1
Sample
Order Inquiry List With 3D Artwork.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Order Inquiry List With 3D Artwork.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt
masslogger
Targets
- Target: Order Inquiry List With 3D Artwork.exe
- Size: 881KB
- MD5: b9d10f4408bf860a0a8b6243083ea0b4
- SHA1: 25097e3d867496c1e0b1958283dfacd4cb10ff1e
- SHA256: a95841c0ebc43b93e86d68701817f8d3401a92e9f65a8b6a8faf66de97f9bb7d
- SHA512: 218fec5a9cb9e073e58629b18c5b4995beed7a4e0bf3fdce18a389ecb0f43255b105dcabe67a2440e1372825645922d761c278105753324b181f448abbde2a4b
- MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger Main Payload
- MassLogger log file: Detects a log file produced by MassLogger.
- Checks computer location settings: Looks up country code configured in the registry, likely for geofencing.
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext