General
-
Target
f80bf078233f75b4226bf4a5b16ef4bb3f32dd13826871353b4a39fad167e13c
-
Size
716KB
-
Sample
220521-b9akrsgecl
-
MD5
a14c704d64ff79ce06a8839e82824e06
-
SHA1
1a589672c9e459130b05f6c6979dd2a61a02ba37
-
SHA256
f80bf078233f75b4226bf4a5b16ef4bb3f32dd13826871353b4a39fad167e13c
-
SHA512
8f447c8f7e4434ba48fe54aac7aed20324e410a682d5c7374ad3082122556e6ba7b43abbe43af29f66263b3bad5938facc3958d5a53d5a03ce0973fa1a3dd3a2
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Targets
-
-
Target
Order-411546.exe
-
Size
806KB
-
MD5
22ffcd520fe68ef6d11c131577091fff
-
SHA1
08ba8ae52078a1ad86ea3b8bde4f619b23d0eb04
-
SHA256
c8174141c60baa057aa9780fdb5fe1e4af59b9d3a9d5a1d8ab7d929b13d3882b
-
SHA512
f53c611e64a76cf46be0c8941edf987e0f25db0c4682d15aa60d595fddb4ead053f3fdd3d0cb0996d13f76a6e2ce1dcf2ecd15db6debabe5ef44b0a91478eac7
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Modifies visibility of file extensions in Explorer
-
Looks for VirtualBox Guest Additions in registry
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-