General
Target: 976057630c1e1350205d9a1d7beae6cc16d5e1fc5db75121dcba3bb3e6a3baee
Size: 799KB
Sample: 220521-cytpyahgep
MD5: 087505c8b43d0ccee72de22fb6cc180c
SHA1: a5b0cf4d0e83a31779e057ea26360fff1329c327
SHA256: 976057630c1e1350205d9a1d7beae6cc16d5e1fc5db75121dcba3bb3e6a3baee
SHA512: d0907c670a9742b8210ff58b8355131a4c7d41cfe85e7a5f55d2bc87faef1fb486c94eaae3ae163fb2e1ec903a267b3481a0b67a51d0da3b34b108efc42c99df
Static task: static1
Behavioral task: behavioral1
Sample: Order.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Order.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
Target: Order.exe
Size: 860KB
MD5: de5b2c1d0784479196504eaf6b4ba281
SHA1: 92fe0e729248c906f8d5da0edfa6ae418a094081
SHA256: ed9f4e0ebed57c627e7cabb5592c623fea6b311443940a10341c46f3e28492d1
SHA512: 73d241f030cc0dde6650204a48abfe8a4d7b89745cd9b3c89e98ef441a9e7f4c97520d6cfa0a7c77398960d692c43d758f324b66b4ed739c2cfe0ae4382d4860

MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

MassLogger log file
Detects a log file produced by MassLogger.

Modifies visibility of file extensions in Explorer

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.