General
Target: 843448ce9ea61df0be53c856964eafe2a57e9ee30e0ba23655c5ff0e2cffbf99
Size: 761KB
Sample: 220521-c4ah9aehg3
MD5: fbe5e754c26ad7510d30603d8866f1cb
SHA1: 8d22582faa4361e180a7ccd240f7f176ab00df11
SHA256: 843448ce9ea61df0be53c856964eafe2a57e9ee30e0ba23655c5ff0e2cffbf99
SHA512: 92371f6d95c1f9b0686a098f041ff53c505e22bb2bb2fec06d00dc0a2b6a25e6eea23ccac79c09ced6d1bc82ae644508ae5b99ea1d27d21900485a60e9d23e1c
Static task: static1
Behavioral task: behavioral1
Sample: Sales note PO53.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Sales note PO53.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\F95B724EDE\Log.txt
masslogger
Targets
Target: Sales note PO53.exe
Size: 861KB
MD5: 3e414d89b9f98f4cc6c5988634791c0a
SHA1: fd7d1e1c6b49b97db475ccc56958bee3964ad766
SHA256: 1c2f10aaf4e8b9a9e90316e8b470616bac893609cd85374cb11bb4a1a3971e5b
SHA512: a7781136e267d2549d9f248830951170f4b6eaabbaa212df3307362a895414ae85ece41c25d1256e09302d5b1c603ca45d1e1753dac85ed5493acb2b8cbe6508
Score: 10/10
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext