General
-
Target
a387eda9019c925849747107987f8e232b8c0da6f1f40dccec3eb525cc35d051
-
Size
803KB
-
Sample
220521-cv6kbseef2
-
MD5
34b80396d558910fae81a63dde7eb3df
-
SHA1
3083f5fd4cefd79ba80aadad04320d148743eb11
-
SHA256
a387eda9019c925849747107987f8e232b8c0da6f1f40dccec3eb525cc35d051
-
SHA512
0b5fd74b2a0e43f5d61520d5d8d1086c66dfdf10e61dfa40cdad718cedf33c7c61e8d71cdfcfec386b97e9e76576fe2c6c1f77645d6098743395a5d72bcbfa27
Static task
static1
Behavioral task
behavioral1
Sample
RjJZqTyRrEpvftP.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RjJZqTyRrEpvftP.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\8506BBE7FF\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
requestShow@
Extracted
C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt
masslogger
Targets
-
-
Target
RjJZqTyRrEpvftP.exe
-
Size
863KB
-
MD5
95b6c2e6cfef73be03af6ec5a4c82be8
-
SHA1
de12d0b9c6141d48b5cf436446071b57cab750be
-
SHA256
05634115b645d0df04cd66ef32a3d4301fda48edb1750d87f404e1ba73b6be04
-
SHA512
339cb7d10389e45aa87b0e8e76a95662e4a7487e8585ba58c085956b0fde873ab068a6b4880d96f2641aaa4b8ef786516292f936386201846ed5e986f008604d
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
CoreCCC Packer
Detects CoreCCC packer used to load .NET malware.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-