General
-
Target
560a0f75df71d4870f4dc8baebde68372178b3c9112b849a1a6f4995a99e2958
-
Size
647KB
-
Sample
220521-as4xlsdfhq
-
MD5
eb13e1642d04562edcc3125290ae7974
-
SHA1
81568d257944210a87942095dbcedcf6373d5eef
-
SHA256
560a0f75df71d4870f4dc8baebde68372178b3c9112b849a1a6f4995a99e2958
-
SHA512
cd748dd41208effebe04869c58e42a81a57cd640f4576b9e1ce7e9926415ff39985c370ccf623bf84947daafa2208ad1c06cacc8775d5d9aa9513b7ce8b88745
Static task
static1
Behavioral task
behavioral1
Sample
Oypy7XYBTMuI7M2.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Oypy7XYBTMuI7M2.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: SometimesINLIFE@
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
-
Target
Oypy7XYBTMuI7M2.exe
-
Size
702KB
-
MD5
fcada174c3065750b2fbf81594987216
-
SHA1
6aabb9ad9424b5be363fed86ad528b190a9bcc24
-
SHA256
f0176393025bb51cbf9ac3e0d457ab89e129d90583fa103ff9db794687787715
-
SHA512
14c5277eac5996f5a6660a434c9884279a34b383f87f603708b9faba03abb20802ff5a316d065a90987e0a4e674f5fb0e5fecf9618d53eb50fdb7361215ec035
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-