General
Target: f46e28c7a2557f41f0d572d066113bbeb7550b860cd64cf4f977ac1116623187
Size: 928KB
Sample: 220521-b93ljsgeeq
MD5: 66b0b62b935d3d78be5a749ea8004d21
SHA1: e33d4c4ad90b7f07e38921594a93cb2f19d38b0f
SHA256: f46e28c7a2557f41f0d572d066113bbeb7550b860cd64cf4f977ac1116623187
SHA512: d424bec0c5b47817343f9975e167e0f2a0a259af66ebef624f114042f1316f4b77ebd20aadb42123953eee58f08805f31974c5729aa4fe989bf998204356aec6
Static task: static1
Behavioral task: behavioral1
  Sample: AOS Neptune_028E.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: AOS Neptune_028E.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\8506BBE7FF\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt
masslogger
Extracted
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: y8wG[wgBvT]F
Targets
Target: AOS Neptune_028E.exe
Size: 868KB
MD5: 6113ddc1b5a8d0984b259768fa03a681
SHA1: 269592ed330417b87d325174e1a6ae180b0a4243
SHA256: cc9cd3fab00a7ca68c26cbf9bfcf691aafd004232149c04d2d082a1fe06b9f32
SHA512: 7ef9de0d9952af32c408040920cb94445b4c166d33a8c25247cd28b75bce6360511f7fdc0954082f43202e2ba9bf0c1ba448df67876808c949c016d08c19e289
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-