General
Target: c69e55c480d916326f5365c0ddd06928978fd134ec5f9710358dc94503a2430d
Size: 908KB
Sample: 220521-bj6waafacl
MD5: cbabbce3f173f391bfefd3a3c35b16db
SHA1: 4c1b762873f551dcc87e82759313835e88f99ba4
SHA256: c69e55c480d916326f5365c0ddd06928978fd134ec5f9710358dc94503a2430d
SHA512: e927f05405bc6aea367222898b3da4ff7803a5127311b0349c2372d8f3e5b54ee1034bc52861ec26853ff7fe62a09e238569b955574b3779cd626892e8a2ac72
Static task: static1
Behavioral task: behavioral1
Sample: SwiftGGU.Scan...exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SwiftGGU.Scan...exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt (masslogger)
Extracted: C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt (masslogger)
Extracted: Protocol: smtp - Host: mail.ejabgroup.com - Port: 587 - Username: [email protected] - Password: ieg12345
Targets
Target: SwiftGGU.Scan...exe
Size: 1.3MB
MD5: baa4b9bc2f23cec237d6ee7e2aa1dd82
SHA1: a98b96a22ef2417d65d549a75e4de944cf7594e7
SHA256: 6dfb4af12974d5639454d628609b0188c6ab5554baa4a11fc53572e60aa8acc1
SHA512: b2c556e809c06a14306aa313f3b2c39a4b831623837fc178170d3c6033f7c0a8893fc3cdc7bb80d6e9345a016e93cf8390cf015bf82ac4ea574988c81f2efcb5
Score: 10/10
- MassLogger: Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger Main Payload
- MassLogger log file: Detects a log file produced by MassLogger.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext