General
-
Target
01617e0cf47c2d79cc79a14ae68f877b5e3736cbe9111d962384f45d71f5e9a9
-
Size
806KB
-
Sample
220521-d5w93sbhcl
-
MD5
33453429559e3cddae935cd62420d8a7
-
SHA1
1fef2250e2becac349f940c4d0dd18f7e1403c8e
-
SHA256
01617e0cf47c2d79cc79a14ae68f877b5e3736cbe9111d962384f45d71f5e9a9
-
SHA512
f53dcd8f54d996b6143e4c5959239905915fdaccd029a41304596ba89d7011ba79e1fc1b583b8572e0dee495255c87cb2a86c374fb1a0564f446b4ad3750659e
Static task
static1
Behavioral task
behavioral1
Sample
Inquiry -Batenburg Bevestigingstechnie QO202000182________________________pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Inquiry -Batenburg Bevestigingstechnie QO202000182________________________pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: money123@@@
Targets
-
-
Target
Inquiry -Batenburg Bevestigingstechnie QO202000182________________________pdf.exe
-
Size
864KB
-
MD5
174bc3327e9eaad09baff6bbfae225b0
-
SHA1
188400f03c706a49ebdbb1970fc35f78147c69da
-
SHA256
6b287b9b3200533c490357e28b5e9c65856740c2a63c32dae9bd50b042557664
-
SHA512
f33a07376bbacca4b17791805f93da524f4ebe7bba08859654e300e5ac7f9239f6690f5323d3697b4db07a9671cdae885f08b38f3ea8511fd1b41631539f3aa6
Score 10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-