General
-
Target
0e90bd89cf193f319915fcd00b77547acfd56537a820aee951ece4b3018d685f
-
Size
2.2MB
-
Sample
220521-d2f4pagfg5
-
MD5
c6f646b06f86d7d97784075cb89d547e
-
SHA1
6d89f4bca41c778223312b9ac10ad96e17673c04
-
SHA256
0e90bd89cf193f319915fcd00b77547acfd56537a820aee951ece4b3018d685f
-
SHA512
adabfc618cf4916c7efaf95cb8a1f871927ca7d19563025ff2807ec979de56388152b47da7b99c543c9472ef45ef1265ae2e1da998bc98f43380da44c6c34c1a
Static task
static1
Behavioral task
behavioral1
Sample
AVISO, Transferencia ICBC.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
AVISO, Transferencia ICBC.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: m4cfund@yandex.com
Password: Dmacdavid
Extracted
C:\Users\Admin\AppData\Local\Temp\F293CD6622\Log.txt
masslogger
Targets
-
Target
AVISO, Transferencia ICBC.exe
-
Size
2.1MB
-
MD5
c051a6a2518f457e2f98a5ae69b5e74b
-
SHA1
d4025f3a5f9a5cd1486e4b593c740717eb974630
-
SHA256
bb69c76bdb4fd7d1cba3cce7ccd70341ef077e7651a2d8542841c8e16125dd36
-
SHA512
83b03a86840664ed266f66740ed26ce06500c96deac3e0ddd906176b64c9c667153abf54eac82e43a1dc5b7886e7d44bff630d012952c77959e261777e01629c
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-