General
Target: 039f4e733627c8a68c6bdf598e2e5f3887c53eee4034f0db21d6b159146aa0f7
Size: 1.1MB
Sample: 220521-b2n37achb8
MD5: fda9add22de60858025a3a06c8ad5ba1
SHA1: d511663f8f02f4b52fe7183b074f33d68b0f8f18
SHA256: 039f4e733627c8a68c6bdf598e2e5f3887c53eee4034f0db21d6b159146aa0f7
SHA512: 5c16e2a736592f8da57b863ff80aab2f1fb2a3e7a153edb81de2997b9855eefe1de6b3d4aae558c0364ec4ffc0a703e7ecf971f38e4226bf60929d38608ce2bc
Static task: static1
Behavioral task: behavioral1
Sample: Inquired Materials.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Inquired Materials.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: Dmacdavid
Extracted
C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt
masslogger
Targets
Target: Inquired Materials.exe
Size: 2.3MB
MD5: 47d3bd28eb5dd0d07bf1550987f443fd
SHA1: f25d43feefd19d187e64f4bf8bfb33589cc0c32a
SHA256: db6d686590ded24cbfc0dfb2be4cd25035d7422c4cf49e6b9bf94469d2573e7d
SHA512: 76065edd59cb13198de9d7f668977089d02b4bad286f6067141acbca57a54f8da07bc48b78ee04954e5e5f0f916eb113a0eb212dc13702d5c36f27cbddffebec
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext