General
-
Target
6d64b4e9f5d0ce23f886c24e546fa03e0f4022835e5c98249a6d4259a5d7fef7
-
Size
876KB
-
Sample
220521-de9sgsaffk
-
MD5
ebbdddb9ce2dd7f05392e2d2769e6779
-
SHA1
beecc35eeeeecc68cc91f738648b30ef083ca9ab
-
SHA256
6d64b4e9f5d0ce23f886c24e546fa03e0f4022835e5c98249a6d4259a5d7fef7
-
SHA512
c23659928c6042479343ec240a19fd9d524e5c3a1466425ae2b21e3b28ae2e83133c74fcac2aefc86695b556963c8a80a718a7a0b29443617ec740483ac36372
Static task
static1
Behavioral task
behavioral1
Sample
6d64b4e9f5d0ce23f886c24e546fa03e0f4022835e5c98249a6d4259a5d7fef7.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
6d64b4e9f5d0ce23f886c24e546fa03e0f4022835e5c98249a6d4259a5d7fef7.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\8506BBE7FF\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
logs2020@gtbenk-plc.com - Password:
mkoify147@@@
Extracted
C:\Users\Admin\AppData\Local\Temp\19E979543A\Log.txt
masslogger
Targets
-
-
Target
6d64b4e9f5d0ce23f886c24e546fa03e0f4022835e5c98249a6d4259a5d7fef7
-
Size
876KB
-
MD5
ebbdddb9ce2dd7f05392e2d2769e6779
-
SHA1
beecc35eeeeecc68cc91f738648b30ef083ca9ab
-
SHA256
6d64b4e9f5d0ce23f886c24e546fa03e0f4022835e5c98249a6d4259a5d7fef7
-
SHA512
c23659928c6042479343ec240a19fd9d524e5c3a1466425ae2b21e3b28ae2e83133c74fcac2aefc86695b556963c8a80a718a7a0b29443617ec740483ac36372
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-