General
Target: 3b7c9f0dcedcfc7e28204e228da8bfb05111a0621b097f4c57bea36074dfee01
Size: 829KB
Sample: 220521-bbmgnseffl
MD5: 5070df99d9ae4f1424f6b294e8671bb0
SHA1: 5be88e43b6b3d8695e7883ea9b3471b8dfb875a4
SHA256: 3b7c9f0dcedcfc7e28204e228da8bfb05111a0621b097f4c57bea36074dfee01
SHA512: d05bb1237fe7408493d8b0c804f3bf385b5011491a3af187030ad0c8b8f096c2bddc8f958899ce452bda41dbd583468d1154bba0de6425e09d022570d19d38ac
Static task: static1

Behavioral task: behavioral1
Sample: ????? ???? ???????????..exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: ????? ???? ???????????..exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\19E979543A\Log.txt
masslogger
Targets
Target: ????? ???? ???????????..exe
Size: 879KB
MD5: 0d0cc9c2442100d75fb6e2a7f3a9a3a7
SHA1: 303231ebf1f84bfc7bffa5f4ffea7f7864932bc7
SHA256: d9b75b8d542d8278b8748169b3250cdf07604dc91e9d5c5a5686727d9f58afb7
SHA512: d25fca0f3f39d8f4210a5078024e45ad830b58c9ff95c31bc35baf2f8cc7cee59e349ce41381106c27a1534beb567d475c984c28d7ccbe324c090bff54159347

MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

MassLogger log file
Detects a log file produced by MassLogger.

Modifies visibility of file extensions in Explorer

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext