General
-
Target
a5e92837868c1df0ee2223d7b8cc47c4afa812f4032ea0a768debdb2cd9132b7
-
Size
802KB
-
Sample
220521-b1kz5scgf6
-
MD5
e53285e8bc60d2aaa86c248003752841
-
SHA1
362020d1fc004605b503509ac46695a2304e6535
-
SHA256
a5e92837868c1df0ee2223d7b8cc47c4afa812f4032ea0a768debdb2cd9132b7
-
SHA512
d66c2849964bcdd504923c6d51140c73dda6f33aaed23ebc03e85e35f1415acdd18f8307d3de0daf3c9ad5797d6a7669c2112c141c032b670128c3308d7e2494
Malware Config
Targets
-
-
Target
Revised P.O 8400383.exe
-
Size
938KB
-
MD5
5d5c633ac8d2c2ce88b18a081ee81bda
-
SHA1
eb1cb151ada6e83cc1b0eb4810e102a7ddb36b71
-
SHA256
cb8c9572b8c0299b05a17084ae5dd93d0aea243138bfd03eaafaee950390724d
-
SHA512
166692b371aa888f6cf2df7fe675cb9dc975224410c6b13a29b63b752c6368b24521419ef1ed1efbe411641ae34cc6647882956c994ff301eaff3c6adb82190a
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-