General
Target: 97b2ed57152af2f0c93d46664fe6340832b1dd8b53f5280e42c5787e00acbef7
Size: 1.3MB
Sample: 220521-b2t97schc5
MD5: 7300d1e5d8275b346470825027b9c942
SHA1: 5d184ad80685d356eb8bc5287968986b5b9ffd90
SHA256: 97b2ed57152af2f0c93d46664fe6340832b1dd8b53f5280e42c5787e00acbef7
SHA512: 6931799b112fb558a3e97b4a1a78f903d2a1849a6336c956dfa01915c9a72e42b75b5f1315c43da2a9b028e6434801bd7c392d18aa07e8b976897b7b89ebd9e3
Static task: static1
Behavioral task: behavioral1
Sample: NB_Inquiry.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NB_Inquiry.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Dmacdavid
Extracted
C:\Users\Admin\AppData\Local\Temp\F293CD6622\Log.txt
masslogger
Targets
Target: NB_Inquiry.exe
Size: 2.7MB
MD5: 033f93ab38b8abcd2c5125ff04172e9c
SHA1: 030098b28e2099a2fc12f5dbe8b4ad4af92295a5
SHA256: 91ab9b169f8b0c05ab795c52b0e41f34374bb828c16176eda1f121c1dbc12731
SHA512: 47d90a7edcda87676986303da496cbe170e71a09c98cd6ef2b13ca52f63ea58795e4de3156f0f7c0a0a300adb2e6a2ac7a721c01a29d62ebce74bf3fe70d76b8

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext