General
-
Target
4b5aed68397bf606ffec5ddd12e03c21ad332aa851cf5df746d3067cfc9e7ff9
-
Size
1.7MB
-
Sample
220521-bvq9zaced4
-
MD5
2f2c7da2ca90458763ba41e1911206ea
-
SHA1
67f1cb3b6bdb8cb047d73bbb7f7a8bc666bdac59
-
SHA256
4b5aed68397bf606ffec5ddd12e03c21ad332aa851cf5df746d3067cfc9e7ff9
-
SHA512
1b578fd097455189e82a722d4f97143eab5dbd4b91d9faa65d0d7587b1a250592a2198e9183ea68cf5b5171d3b4ce2f5393b4f2b1826132eb41aba7d144c9475
Static task
static1
Behavioral task
behavioral1
Sample
new order xls.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
new order xls.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
new order xls.exe
-
Size
1.8MB
-
MD5
60826b549c1baaa5f34d192d54aa91f2
-
SHA1
9650ab46ee8f654c260e712b2d3b0443a5ca1d7c
-
SHA256
25713dac1c6cb3444ccdb4439510b4e396fd217fcd6a5d1c3d40b48ae2716616
-
SHA512
3b124114ee2c8ee28386b201eb0e8b8411731d5f3dd19530443d4a5e8891e90d59e95e05218f3043f3364598abb7cc18fe2fc1dd483c00c21a42f0368b200e79
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-