General
-
Target
e398d25e5ee3fa2ef17eda10103e1c39c7ddc36b9ccd06d3de5c1cc25141fe76
-
Size
949KB
-
Sample
220521-cd5ayadga3
-
MD5
a7bf1ba14bcca162e2c16645e3dfa1d9
-
SHA1
a3f3f4ec3b702c5fbe3e6ae421962ea9f0c4e578
-
SHA256
e398d25e5ee3fa2ef17eda10103e1c39c7ddc36b9ccd06d3de5c1cc25141fe76
-
SHA512
864c9fbae030b6c299ee62cd1e5f470689aba14e84e9ccd3a5d3f25633eea06b0848e1eeedbc4fc014fd554b89a94d706e0638f07efc7142a6b6bb0f088642ac
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
chinelomywife2018
Extracted
C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt
masslogger
Targets
-
-
Target
order.exe
-
Size
1.3MB
-
MD5
db0fbf9c80238f34c22726ca4bfa6759
-
SHA1
d1fd22f57ad0fb02f0f8ac4d31b31d2f191e0f27
-
SHA256
a643a629e8acc513e9c6d51842fe1775208b64c4e1e20036fa52b7038ecf2c25
-
SHA512
226138cca5053dd91cb08b3d30dd34f37074e63cd698e676092374f1468d0a8045b42c1ec1f224d59a06324f268676771c068bb181b48f597ee9eed60d7eaf62
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-