General
-
Target
a84a6a7eb96698a85d9506da6d3e6eb99cb05544c1a178a7c3348486f66942a2
-
Size
786KB
-
Sample
220521-b1j3vacgf5
-
MD5
1f707f750c71abef0bf6a667d6677313
-
SHA1
be112b5bcf18a63a5004e4a280e97ee060c476a7
-
SHA256
a84a6a7eb96698a85d9506da6d3e6eb99cb05544c1a178a7c3348486f66942a2
-
SHA512
d9928b66cfd3d91d37772d8b3b57f26ae4c6040b8f818ee69e84d04d00adbeb706be8e0745d5f8975513e13ca0f8bfa0fd56472f435e2ddf54aff57febd99d59
Malware Config
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
Cotton2019*
Targets
-
-
Target
Purchase order No# PO-38001830013 dt 10-05-20.exe
-
Size
879KB
-
MD5
14e4f7e80b29919cb9e669f2b4f92599
-
SHA1
6bf307456d4881bd68dfd64b9a0cf20b9f0e5909
-
SHA256
ad8cb5298f8a5a5cfdef92b5aee76f05e43d9e81fabfe79e0f880adc6690821b
-
SHA512
d19909fb2a2135c838bc0f53d8593dc417962f84e121f79c3e44a1951046b752d3fb003f00b94a8cb794befceb181c52efff8a66259f66e3a5dde9834b65be33
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-