General
-
Target
c74b4236eb38d0bf5d1fe43ab575879f4cf81d498250ecfcb1926bb519f77d18
-
Size
835KB
-
Sample
220521-clkaqshban
-
MD5
b193a3dda86956225f21a4bf60e51686
-
SHA1
22d6883792695c5a3783b4fc749d4df15376cc87
-
SHA256
c74b4236eb38d0bf5d1fe43ab575879f4cf81d498250ecfcb1926bb519f77d18
-
SHA512
92d6652828ab29e04029e12da702949d9feb787bb26cabf27485c644e9398c1e1684bafe2bf064f6d246077c2b8d893461dae87acd26f005daa33c05870fd438
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Purchase Order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\8506BBE7FF\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\F95B724EDE\Log.txt
masslogger
Targets
-
-
Target
Purchase Order.exe
-
Size
998KB
-
MD5
c4eb73549663f5a0925826350281a9f7
-
SHA1
6baef77aa43f56c23aa48b19ee7acec0f27213ec
-
SHA256
d7269fff7321b7254a2a6ce7e6fb9b8347d73cb78597d73412b8d21344832e81
-
SHA512
2ebeb53cf5229077d96b8bb2f93e7694baaa420d3c719c7156d9d28b1bf1f168da9bd2b095f3d0569dea2eef1a171609f538bfa95d02f0f596c6c3c429ef7f6e
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-