General
-
Target
839c500fe9fff02c0c70cd65bfce456f9efec4301b7d75ee478af939a08397c6
-
Size
771KB
-
Sample
220521-c4e4qsehg8
-
MD5
f42afe604d7a35d3095b7af6832870fd
-
SHA1
e53a9f8b01c0b077ae7efaf860b191fd73eeece4
-
SHA256
839c500fe9fff02c0c70cd65bfce456f9efec4301b7d75ee478af939a08397c6
-
SHA512
5d2e01604f7a06f9c20065f4992ca4ea48f6554754fb68582b7af72642876a54e52cbc3ea386806457c58a47c9c49652b22e8dccf9bd4dc0b6286e3884a79964
Static task
static1
Behavioral task
behavioral1
Sample
SCAN 65003.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SCAN 65003.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\8506BBE7FF\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt
masslogger
Targets
-
-
Target
SCAN 65003.exe
-
Size
812KB
-
MD5
0dce144cf6bcc62ec95d72a1cf626152
-
SHA1
4e00c89eb674ba5b2713555598fa8f9514ce305e
-
SHA256
6953bac97a3acd3fb014255896b3a0abc540cc5104c5b387d73c3fe795e2a059
-
SHA512
8fad13060c2242f26140fded8a844bfbd31df5b35562149222540eab75d3a2ffb74a827a91fc57ff4ef82187ad39d5ad88de8bdc703b6baa1411a2777f704582
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-