General
- Target: bca6c3c07f81609227d409a774879977b2ef095834ca88ccb4c8716269ca854f
- Size: 795KB
- Sample: 220521-b1dk3afhbj
- MD5: fc0049b1f8d735e3e5ca153af43fc6e0
- SHA1: db480ebfdbfb3616cfbb3f6d5025a0367ddda4af
- SHA256: bca6c3c07f81609227d409a774879977b2ef095834ca88ccb4c8716269ca854f
- SHA512: f02f0d235f4e289f8853a4d759881eeb937ddf91604a2de96d18599180b4053b49073360103235060b637e4aded216c7f7df605194c1d999f116daa550f651e7
Static task
- static1
Behavioral task
- behavioral1
  - Sample: SPECIFICATIONS.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: SPECIFICATIONS.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: [email protected]
- Password: NewBlessings
Targets
- Target: SPECIFICATIONS.exe
- Size: 878KB
- MD5: 33c3551e8b1580ab7e9663b1c3e2c3f4
- SHA1: 6bd58b98d73b7d34487254354dcf07ec3a7b31e1
- SHA256: ca946b7be994d2636254cb8b8cf44f5b7aa57fd705c6e07119aa4e68092daa01
- SHA512: ff0eb8d158175c6f7cccb28791a4c090d5e047d9d792bd5bcf1e863d9e8d8adf0d2cbd3d89967d2d67b0de8b6ab496175a680c000fd1cf7a375ac7dd23cf5f72
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger log file: Detects a log file produced by MassLogger.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext