General
-
Target
bc52fb733abe8c7201c916a18bf92214f50132eab17878203f2df63a44cb7d4c
-
Size
1.0MB
-
Sample
220521-cn2ykahccr
-
MD5
4ddd157bdf72d0fecf1f4297c06f5426
-
SHA1
95d243df88ec90827ba7c89288747517a0def4be
-
SHA256
bc52fb733abe8c7201c916a18bf92214f50132eab17878203f2df63a44cb7d4c
-
SHA512
e1a386d1a46dd345782b31bf8e7d965103a04f533ed735c26eb1811c46dbff4b80c74619e6db369d24b3dc470d2faa0c41cd04983839b287b64584dd3b3618df
Static task
static1
Behavioral task
behavioral1
Sample
2020080495209.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2020080495209.pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt
masslogger
Targets
-
Target
2020080495209.pdf.exe
-
Size
1.3MB
-
MD5
62a5098ca9b33099ef35ff4ab0d5b325
-
SHA1
bbfb15f6526e804150df582140c5697e7befb7e7
-
SHA256
f5e0fbe83739081ba2bc70e0aae26a0dd33358061b931f96e3ee12eefae90fbf
-
SHA512
bfe2deb4362178b7b25a61a227284578c49aca50601877b5f47568e1ed8a73a595043a6961f5b606b5e09c46b9c5b25508c43b2068a036c589396382ce8b0041
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-