General
Target: ef135ff370965b368d1a590d09638e105809bfcf3696a754ce8945de0a574c37
Size: 860KB
Sample: 220521-bl765acbb3
MD5: 788335a0391e4b1a8547bb353116205c
SHA1: 1640eccea9f93d18c4db3bc061ea25ee984e3c99
SHA256: ef135ff370965b368d1a590d09638e105809bfcf3696a754ce8945de0a574c37
SHA512: 13a42405f7a7a48e494eaaca303b5df188c73b3c8e29145884d3d9c31c54b069b0527bbd638bce510b9963dee3dabc6f5725dd03e220cda189e60053b3c03c47
Static task: static1
Behavioral task: behavioral1
Sample: DHL SHIPPING DOCUMENT.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: DHL SHIPPING DOCUMENT.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt (masslogger)
Extracted: C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt (masslogger)
Targets
Target: DHL SHIPPING DOCUMENT.exe
Size: 983KB
MD5: 1e9264b9a9412d1de2a4ddf9d062f9d9
SHA1: d1d71a586ea0fdc9cf2f3e584145337c0580d7b3
SHA256: 60464dbfb4a5cb7227d3afe20367adb84757365e1b9a466ef95c0c96c28b31cf
SHA512: 53d2f22148b62912a23c1056e65df435ff07ec97915d359fa330ba605eff9876f8580ff6041146bf3f44f2f099262bc1ac71d365cb63337e850312f6bddfbb2f
Score: 10/10
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

MassLogger log file
Detects a log file produced by MassLogger.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext