General
-
Target
734a691f0085ffd15946a8a5cea81b354aefce10760fc62d10dd046623514fd6
-
Size
650KB
-
Sample
220521-bst8vacdf2
-
MD5
0ca1889bdd27a5593b508e977137ecfe
-
SHA1
b9fdc1c8825fc283e26954c3edb5d055297b733f
-
SHA256
734a691f0085ffd15946a8a5cea81b354aefce10760fc62d10dd046623514fd6
-
SHA512
6ea229e7f17ea2be7f561c165e15f7788886e991212cd20eb691d3889a125e6b3d3e54b183045db8ad31c5991be81607501fd5d4a53c80ae7db2cb46a6976d9a
Malware Config
Targets
-
-
Target
NARU?IVANJE U NEDELJI U O?UJKU 2020.exe
-
Size
1.2MB
-
MD5
43cd8c82764e33687f3fc9dc8e76baea
-
SHA1
20100b4cd42f831d1cbc04e4b8f0910478738646
-
SHA256
4258daa1c36c896d0c4998c61f47939ff18c1b558e446327dd6146d6e709d9ba
-
SHA512
d8000d2ac822c69559b776d5cc18c08a2033f0c2195716dd6e768dcb14a83bd7df917a9e73114fb63a3d25e25dcfc7d57ca28ec2537f42a85455f494ff826602
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-