General
Target: 967829fdb0b2f1b7a86923187553ebf53066b92d543ca6d2587519a9700999da
Size: 1.9MB
Sample: 220521-ad2hyaaba2
MD5: 4ccdf3b0fbdeaaefa11e991ea19d18b4
SHA1: fe7f5e0ec4fa6f0385c8977dac3eb4460cad58aa
SHA256: 967829fdb0b2f1b7a86923187553ebf53066b92d543ca6d2587519a9700999da
SHA512: d8d496905afcf3fbbc341d3ccb611a02678e74ed2de550d30b927fb2aedee36b6fd1b1e53b56f9e633e446d0cbf1877d9bb94da02bd126b7bc6eefaaac1c214a
Static task: static1
Behavioral task: behavioral1
  Sample: IMAGE.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: IMAGE.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (masslogger): C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
Extracted (masslogger): C:\Users\Admin\AppData\Local\Temp\781F780B4E\Log.txt
Targets
Target: IMAGE.EXE
Size: 1.3MB
MD5: 77fe809f6ab75c8e4ca3b09d79e7d1c5
SHA1: 081154438bcc637acd03bb10e18c71755692ef09
SHA256: 2f4324dda02f8721cf5c0c0ed404de8fedbc46cf8fb1dda0e3ec3d07d6fb42e0
SHA512: fd36cdffe011dce3104046769f60c5104a5f5c1e4045e82e749281d22ef2461969b41b064c20547fecb47e6c1f4c57fca73b367b307a35a952e8a9e694617a52

MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
MassLogger Main Payload
MassLogger log file: Detects a log file produced by MassLogger.
Executes dropped EXE
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Loads dropped DLL
Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Adds Run key to start application
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext