General
-
Target
ff9f73c57d1cf21e73311761d6ab69e59782bc63f3254a5f04e541b492beb3ba
-
Size
1.4MB
-
Sample
220521-b37xpachg8
-
MD5
430b1a59d711169c7b0ebdbe17b0124f
-
SHA1
5f8599b4ef9eb931ac595373e7961e18c097fca8
-
SHA256
ff9f73c57d1cf21e73311761d6ab69e59782bc63f3254a5f04e541b492beb3ba
-
SHA512
9f2cb164ddd0190dcf63f81b7215a772e527cfc4981eacb011e1306a55a4de87884181552aa423fc63a49e8747768713d329724dbf0c495171962855944c1f5f
Static task
static1
Behavioral task
behavioral1
Sample
Q2020-07-466am.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Q2020-07-466am.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\F293CD6622\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
y8wG[wgBvT]F
Targets
-
-
Target
Q2020-07-466am.exe
-
Size
1.4MB
-
MD5
93a02efc3319e40884d86f0603d6073d
-
SHA1
df7966c6dda6c785ad4bcf5b7a49f0a99a9bc51e
-
SHA256
de7e69ec920dccdc40220e414a2d1b3bc05e53c5f5ea34e309bd3365aa5dae78
-
SHA512
620172b1822721b279eb1b92d288a2ee82056b77c91c59134edc1aa727524bee2e5211cc41d69e67b1dc1caf9c555e5f475b3fca97d3dd3b94b224443e5fc2c7
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-