General
-
Target
b96cfbc6878aabb8d480b165c2576c68af6807c8b80bc80810effd84be7f08e7
-
Size
638KB
-
Sample
220521-cpmv2ahcfm
-
MD5
c0208c4dee22456b9a4f6db10918edfc
-
SHA1
b6e9e05180bf435bee9d3f1b77852ab0feb2fc94
-
SHA256
b96cfbc6878aabb8d480b165c2576c68af6807c8b80bc80810effd84be7f08e7
-
SHA512
3a818e237260912c50c0ae9ee77976fe778b11d4a5859eca62381e34ee796729a3d6eec492a9511223552220ec27816755093c80d8b1e52b6e1b870f926934c0
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\8506BBE7FF\Log.txt
masslogger
Targets
-
-
Target
DEBIT SLIP.exe
-
Size
775KB
-
MD5
0c745a8bed9b15ae636a3a4cdfd1ebb0
-
SHA1
83789dd42bea9365cfa0c9b3498e4ce0c2c9808a
-
SHA256
192896dbc7744f51c63044f4bf8a0fd260cc73ddcc84200161ce45b81c7e9e50
-
SHA512
0de3f1227abb606d1e754499450acdd44565f52afed5e73bbc6078018b374e4081fa072acb9856f7de17a91ebe21ea916ad519cd8be1cef650e702c764921949
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Modifies visibility of file extensions in Explorer
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-