General
Target: ca144462b30d41d857bf6e92ab7970b22ec69ec6301aaeca6d114c624bebeb08
Size: 841KB
Sample: 220521-cky3haeag9
MD5: 913b11559bcb1d4763a653741472c81e
SHA1: adc1cc8fb308bae8d7ffb404e0f8039cc58ee198
SHA256: ca144462b30d41d857bf6e92ab7970b22ec69ec6301aaeca6d114c624bebeb08
SHA512: d8ae5d3a751f09c45fbe8961ee7093d63744734eed4e680a9d9df6afed2b33fa6367fb205c1695ce4fc85d45bc92c8f506345ab0ba9eab9fd2a28aa0e3343d63
Static task: static1
Behavioral task: behavioral1
Sample: No42113-No42114.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: No42113-No42114.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt
masslogger
Targets
Target: No42113-No42114.exe
Size: 922KB
MD5: f199ca0e897812a4218b91a293a7656b
SHA1: 0c9ea2d1c5c0254a278940c3b5ca7c25942b50fb
SHA256: 9300260a0aa311aa5e53e3c015ba7c63bb52ccb40c9841d4f566a6019143257d
SHA512: 3dd1ba3483ac0ce0d4202ebcf400ed0abd7a17f5e5e595fbff9f08606a72d21a3f752b3fff72e91c966a6db1edd44a0807681ec6e901927275a2f3441d2464d5

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

MassLogger log file
Detects a log file produced by MassLogger.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext