General
Target: 1c9448879ae16e5069c06cbd9555f3df748996c2ae6901a427f156d21bfe854a
Size: 834KB
Sample: 220521-bb59saegam
MD5: f56905035fd9b140c07cd997cb489ee8
SHA1: 93f63e17179a87572ccd422aba2c9c46d9ee0cd6
SHA256: 1c9448879ae16e5069c06cbd9555f3df748996c2ae6901a427f156d21bfe854a
SHA512: 4fc005553aee378fc49f0b7b8071cdb607fe87672ac7294941af1cc41a47b2fd8509c77d2446108d30f77d7ba09addf2b88b78209093248de7dd92d1b23fb45e
Static task: static1
Behavioral task: behavioral1
Sample: QUOTATION 0123.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: QUOTATION 0123.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
Target: QUOTATION 0123.exe
Size: 885KB
MD5: 39483695a751f29df877db2fca8c69d3
SHA1: 6bc20ff90a8ccb6bcb1cfc44722ef4601b463678
SHA256: fa5b514cc6250b204d8c46ee8212b6db4e1c273904b9df51993b5dba4b07d865
SHA512: b87523d2b436d0a8b488eb5a99c09a65d90cd94f238e5f32727f739e73b8d3f3225dd785be4c2d8e0c66216d38a0b375ba7b8ea5aa12344c2be9601667b0024c
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-