General
-
Target
f5c8d2b0933f02befa8a92275b61c84da733d637bb7746b2c4a96b21086480eb
-
Size
668KB
-
Sample
220521-a8yqjabeb6
-
MD5
ba98312759ee688ad6274139f8ca4774
-
SHA1
32604658a2e1656988a268a38bcc35ec32442683
-
SHA256
f5c8d2b0933f02befa8a92275b61c84da733d637bb7746b2c4a96b21086480eb
-
SHA512
b790d6faf4694a035ad9cc5b0d443dbc0d0989cd9952b4c2a1c7652153978777832b5db8254b6a71a15f3970b38af6ad6936bf971f19db34ed00f56759cf6854
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
mail.mkontakt.az - Port:
587 - Username:
[email protected] - Password:
Onyeoba111
Targets
-
-
Target
PRQ 010474.exe
-
Size
707KB
-
MD5
f7f798cefa93fa8f30af242b477b492d
-
SHA1
51255ed37b1c283d5680e2b2eedd8a6faee4a42e
-
SHA256
0ed172bf03053550d13affba533548544e35af09e7e01abd548648adf427e5c3
-
SHA512
9deaebc9c08f6855c5b3d878d27f0f79401af97ef15fcb1d4d6e4edcf20c51ba67c778463363b0fdeb9eec0aacdf257f8b4c17da9e8b7a12e9bea07d56be22b3
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-