General
-
Target
6e4fa34445f2439fe41ba7df0502aad79728646a2138b264e5945c9c980794ce
-
Size
1.8MB
-
Sample
220521-dal6mafce7
-
MD5
bcd8b981f9806750d706051e3b32342a
-
SHA1
40aae52d6f135869877aba34cd33229335229986
-
SHA256
6e4fa34445f2439fe41ba7df0502aad79728646a2138b264e5945c9c980794ce
-
SHA512
10881f91ccb322f12a724ba4b8b848ec5d55232afaf9ac1d8c9582f729893b822a61f2a8bc7be542c3f662080ee4cf10a22b99160c79efd8a4c5a5c17e1bf231
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\2EF8342664\Log.txt
masslogger
Targets
-
-
Target
PO__2001.EXE
-
Size
1.2MB
-
MD5
5023566d205bcc7958ccbc84be950e9d
-
SHA1
4f7f6f3ad838506c5b141537f413eb341bf17027
-
SHA256
b88b1caee334cbd27f17d4310f2b51c26a5a9411452ad2f4b7fa17e1e81b59fb
-
SHA512
732c033c5c38464f2255e964054d1e4d727cd31f7c64817d9a29e3d44da30583c2e552646f7fbc4a37e4662a4457c2c40abd1ee95d80ddd84e62b20e004deaa6
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-