General
Target: 7a6128c5824462890c141cf2ce2b99874741d964d3e256a118901a9e3289ff55
Size: 1.6MB
Sample: 220521-ak4a4sdcgk
MD5: 33e746ee2dd377e1c3fa3b3f56e00ed4
SHA1: 3900a271ed436746c21b3343aee766a3e18fdd1f
SHA256: 7a6128c5824462890c141cf2ce2b99874741d964d3e256a118901a9e3289ff55
SHA512: a89fcb7584bf8ffdae491d0eb01c415d4a900a087c8293410d95b76dbacae40b6a7368aba68e6df2ebe0de2ed2f715c0de2bf6975651c21ef348d90cf3e5f702
Static task: static1
Behavioral task: behavioral1
Sample: EL_MARWA.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: EL_MARWA.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt
masslogger
Extracted
Protocol: smtp - Host: mail.inbox.lv - Port: 587 - Username: [email protected] - Password: E8EbW2E3dk
Targets
Target: EL_MARWA.EXE
Size: 1.0MB
MD5: aeac27a842010584dcb4eab0fe77a915
SHA1: 728d6a3e512b9625da1b20b1e0b1b2c76cf1f7f1
SHA256: f1a5c51a3bc4486e199f578cbf97cec7c88e6654c9985bcc4488271da1cfff4b
SHA512: e0382f41ce3ad838cb21f60c7f853ed3cd6f0ed281ae204419bcb5e367c2a185c96a50b7ba323846636d6db3a57a6125d9eadc2a27a9457a5de66e826a0890c8
Score: 10/10
MassLogger: Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
MassLogger Main Payload
MassLogger log file: Detects a log file produced by MassLogger.
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext