General
-
Target
5c8dde2e68f3b7802a0055a6f7dfc29101060738238e16174fd94f98992d0c07
-
Size
1.4MB
-
Sample
220521-b6hrzadaf9
-
MD5
1c78604342fa44e5d36f9de41e3faf33
-
SHA1
b5eb7da522034574f08a25bb51e2422082bfe2c8
-
SHA256
5c8dde2e68f3b7802a0055a6f7dfc29101060738238e16174fd94f98992d0c07
-
SHA512
43aa27222cbef648c14b4f4b9e7af0178b6532fba75fc56a0798d81005e5648c382896ff8f51a35dc616720f9badc77329b2fc2927a5c9dede8ac017397f985a
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATIO.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
QUOTATIO.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Targets
-
Target
QUOTATIO.EXE
-
Size
879KB
-
MD5
92e0317af7c6a205b639b5c89440e8c4
-
SHA1
1430669d5c5e2dd0d85d10fec34de246cad2fa7a
-
SHA256
fe9c4933496ef0423c6c1591571aedd5acf77e22b349d49fe83d9a6d80178c6c
-
SHA512
a770d43d766f13114beb6fd31617277311e86fe0e80a81afb54486684805aa7cfd6a21ea6a4f797f6e7b37cc5addcceb79d575ae936d665e653b0b32a7034cae
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-