General
-
Target
10a4ba420a16ca28bd4a7b50d7f947d4705bba87031009a45e8ace94e7dee855
-
Size
2.5MB
-
Sample
220521-d1t9xsbfel
-
MD5
954c3dea8ffba872ef001fe68ed6e35c
-
SHA1
438fc376d6b3d2ce608e3a6a6fda8ecdc5f3f242
-
SHA256
10a4ba420a16ca28bd4a7b50d7f947d4705bba87031009a45e8ace94e7dee855
-
SHA512
7d18c40c064f65b34db88be132c3fca165d96042c4e4cae39c63b76a3d766de2a6562b99b50fe9e4d49f835dfe532bb510625bd943e3621d8a6f8e7d6605ccfd
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
cruizjames@yandex.ru - Password:
cruizjamesvhjkl@
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Targets
-
-
Target
RK__PO_2.EXE
-
Size
982KB
-
MD5
a5796bf649f72fdcae32b0a0241de4fb
-
SHA1
f302b9c34ed15e69f1fbe938fc7b0c817a2c963f
-
SHA256
5e2a294936d4b10a484ef84819a6279566e1f3028fd684b653998054f7f42181
-
SHA512
96f30fc24421f53160080936ef73741df0b5b604d1a158e3bcbb2bb747b1bb827a46fa6b71276b1645c2b9b6bcc28f9e0f250d4d698a04321c70257f9b9ac92b
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
RK__PO_N.EXE
-
Size
981KB
-
MD5
96de546b32289587f7db830e1e385a26
-
SHA1
60f2925dc7ebdb8aa4c844edcaa3b0b5c6b4954b
-
SHA256
00068dc51db13086db2a9fc776a55a946c699f1a225ee6595ae6b91ea469356c
-
SHA512
f26fe0d399a4b428a80a828c29e63145c7eb406200829fa473ae40e77c055f45071d4cacb02c8a59c87969ecb0dc3f7a7e97387bc0ecf34d080ede36b18951fd
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-