General
Target: f171906d6dbc7c4ffe93e7ae0c5ae128057a7e4393a0bf7d753e8c84a88a62c9
Size: 977KB
Sample: 220521-caw56agehp
MD5: 73f500a1d6346ef2a0f2d81102af1476
SHA1: c4fdbb4c6d67cc61c81b155750d4df3694fc0d2e
SHA256: f171906d6dbc7c4ffe93e7ae0c5ae128057a7e4393a0bf7d753e8c84a88a62c9
SHA512: ce359fac581989057cfcc1ac5bc645b69cc8d949c8407a79c46b2de924fb17217b863dc063043f0f7a1ee9b6398b597d99adcdb09695c4269272cfc63cc8ecd4
Static task: static1
Behavioral task: behavioral1
Sample: SCTB38 NEW782.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SCTB38 NEW782.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\0F48153F20\Log.txt
masslogger
Extracted
Protocol: smtp - Host: smtp.gmail.com - Port: 587 - Username: [email protected] - Password: masslog1960
Targets
Target: SCTB38 NEW782.exe
Size: 1.0MB
MD5: 18b6f9b159d93570f9ace705a62a9fad
SHA1: 82f75eeef6e25500f517faf6f561057e63ea3a63
SHA256: 48c124e7d628adaa322470af51fdee8a965faf61bdfbc4c2b143dcf57d52be1a
SHA512: d836b883425d6c8567eb0876a67525aca3ac6a33c0b7d2a72ef76bf6f0bf71594fdb2c71d6b18f5eeb607c1b3cd334876ae5d2906fa456d6b8d2c6e498696e39
Score: 10/10

MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Executes dropped EXE

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext