General
-
Target
e2757d60ab3f7e915054c0d0b29e4ccfacd11cec85861925a652df79f6ad467f
-
Size
824KB
-
Sample
220521-bmyn3scbc7
-
MD5
2a61a3772ab2801c2fd03c2eac5e7444
-
SHA1
725cc9043353eafa328a7f1ce6020a8d9c82b768
-
SHA256
e2757d60ab3f7e915054c0d0b29e4ccfacd11cec85861925a652df79f6ad467f
-
SHA512
5c233d95a978e2a9f13c0d72651a4d3e5298c8ecbf487dc805153eca95257303f24afda66dab6d93ad0d15137d5a104e3a4c5c1142491f416bd6b2fafe01aa35
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
mail.pirc-energy.co.uk - Port:
587 - Username:
[email protected] - Password:
[}cHJZymZgEq
Targets
-
-
Target
New products_Inquiry00000000PDF.scr
-
Size
1007KB
-
MD5
4410f1e9106370721dd61b665e62db98
-
SHA1
eadff44552f64370b85c35abd736c39465fd833d
-
SHA256
6d8dbdf39f97cc1b6730d7eb7b2ac7f60ac2026e5ac33edb00093f1a87cfcf9a
-
SHA512
60ee671e4b37b6cc58ae8bd7351e475f8279827ea7eab30d463e4e201db99b9300b84d21b997ffc029e5cbbb6e4a5efcddb71dceb661a644a4a4227eb3009c67
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-