General
Target: f5be493b3851e69348d4e4386af39f571ba9c52925d404db5ad733abab20892c
Size: 810KB
Sample: 220521-blxemacah7
MD5: 448022607acd0e434b8ed172f501ba50
SHA1: 004517e582dad40fe458184087adc6a311aa1553
SHA256: f5be493b3851e69348d4e4386af39f571ba9c52925d404db5ad733abab20892c
SHA512: b39109b7ece82832b4c9c244ee2150a0526597fb18e5866e9c553bec4df1c4ac62cb11e4cc6fb569c28403ea90d3ae6fc2f731c9cdf144c0a70359085de46481
Static task: static1
Behavioral task: behavioral1
Sample: Request for new order.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Request for new order.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt
masslogger
Targets
Target: Request for new order.exe
Size: 948KB
MD5: 379abf3d912c4360aa57dcc1bf36425d
SHA1: 8d93efda1d50ba3dc65c4def509a14ded2559b15
SHA256: 31b2c043dac09d9f3c0050f5bdce779a26e4612f501573728d65188bb7684fbc
SHA512: d4fbf4c9c0dbaaf913c5328f96e3775b465c1f7bd4ea29bbc354f66d9a2f737276862c956c53c8c3d485b6d26bc2f94032e8087295d8e2a2ddf8187b5765fe50
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

MassLogger log file
Detects a log file produced by MassLogger.

Modifies visibility of file extensions in Explorer

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.