General
-
Target
b0b39729cd6c31110c59b5783f8846a08d82c551ee01ce60a21a83dccc4e726e
-
Size
953KB
-
Sample
220521-crwkyshdfm
-
MD5
166d760519b696cc9982d1901b39b794
-
SHA1
192eb1f7beb0bab8038dde42cf4c39fc6f05c292
-
SHA256
b0b39729cd6c31110c59b5783f8846a08d82c551ee01ce60a21a83dccc4e726e
-
SHA512
0b32b5721cc40d2017615960140e90b2e9f9124f6b0a72b5def0cae8e5d748a01fbe7d5489165282c6ed339fd9bbc9ac36cdb473e6727c20c9dcb540e531b949
Static task
static1
Behavioral task
behavioral1
Sample
Paymeny.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Paymeny.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\8506BBE7FF\Log.txt
masslogger
Extracted
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: O1212@3213#
Extracted
C:\Users\Admin\AppData\Local\19E979543A\Log.txt
masslogger
Targets
-
Target
Paymeny
-
Size
1.1MB
-
MD5
0636e4d8ffdef312277f39c4081c7b6f
-
SHA1
bd621ae2ffcbac4286b433d89a73b2db3a55ab22
-
SHA256
26323046ab175b318c9d8dd718cf7537ff92140d04e10f3e2849df9d81a0a009
-
SHA512
e17c301715314731bc69dc14498c407d882aca674de823ac49e2effcf47b83bef7b62191f9d8a3104409eaad5516b5849d80326c693851beeef76e8fdf7a6e0a
Score
10/10
-
MassLogger
MassLogger is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-