General
-
Target
e0aa6c2f673df8b8a98d3df001a392914384b5adf043652f11b123a6a2c49237
-
Size
775KB
-
Sample
220521-cetktsdgd4
-
MD5
9cb284b0139adf5791a3333a21e62a66
-
SHA1
d777ba76921d72af7940fd850ecbbd0744556d14
-
SHA256
e0aa6c2f673df8b8a98d3df001a392914384b5adf043652f11b123a6a2c49237
-
SHA512
3c94e73286a608ebd00aab8985fca142981e907532b9e40698a23d27fb4ff0ac5ddef1f66b7ce8f1741ada910f6fb526eb5cd030d0c5996e51620c90b39837ba
Static task
static1
Behavioral task
behavioral1
Sample
Product_List.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Product_List.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
-
-
Target
Product_List.exe
-
Size
818KB
-
MD5
f5dae3fabd45aa5800a808d8ee39f2c6
-
SHA1
be546bc5dbcf5bef88c03223935dfd40d893c15f
-
SHA256
0f589bd3c4bfdf1301a52c6b4b9f9202ab61131bb7230f4e91767b28894005b2
-
SHA512
f305b8c015cf613017fbee486133d8ab675d2e9d1023c503f0dc8fe6e62f14593bbb25b54b00a321976792c322efe057a8e42612b77e5ef1bd80ad05ca2d8b64
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-