General
-
Target
85216c53e9590919930a55a1040fd4a67f4ff5440f12022c736baab95284a3bb
-
Size
809KB
-
Sample
220521-c3zrraaafk
-
MD5
079530e797c64050305227ec11d2058b
-
SHA1
c0132a25187dc00c5c5f89b6ef4135f1cd0a3501
-
SHA256
85216c53e9590919930a55a1040fd4a67f4ff5440f12022c736baab95284a3bb
-
SHA512
0012999a7e123ffc45c848bbf76b8891c7bf267c8efd4b41e2d3d29fd07963dfb9aead7534271fa624971e89685beb3353b1b82ccfeb33195c3a10e605cbfd24
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE09809000.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
INVOICE09809000.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt
masslogger
Targets
-
-
Target
INVOICE09809000.exe
-
Size
919KB
-
MD5
f580ef1e3aea53f11f733293d5dea0c8
-
SHA1
31210d185fe5da5d221fe6e77ea8057a9b3d91f1
-
SHA256
d1befdea5b845b2f44b7b2202bdf3d9e09a26fda3287581db28af324c865cdec
-
SHA512
cc4d96d43498dbfe915fe67d9cb25308a4a08e8d3360b7649dfc800d146111597c3f852fe1d3e29b605b4e4082759d8a83ef7231e686a01e49f59b6569605150
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-