General
-
Target
56cdab11e53a0e5874133e04e90e5829f9d28a3cfd215a5f9e98c3b146bb3c1a
-
Size
577KB
-
Sample
220521-dgjn3sagbn
-
MD5
5964c57dd10a4d1ac63f9f2782c25f6c
-
SHA1
24760cc40c7e41fae000aaed99226adb9381b26f
-
SHA256
56cdab11e53a0e5874133e04e90e5829f9d28a3cfd215a5f9e98c3b146bb3c1a
-
SHA512
d172daacaa02a870e229876d14c772eddbdf9f203126a853ea4df776b96303ea95937573bd85759fad38b2e6c319f21edb4ef8149cc4827f4006134a9d255dac
Static task
static1
Behavioral task
behavioral1
Sample
6784Y487302922.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
6784Y487302922.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\2EF8342664\Log.txt
masslogger
Targets
-
-
Target
6784Y487302922.exe
-
Size
1.2MB
-
MD5
3007a546519fb74394d5819ffd5e2ff1
-
SHA1
825866a00a7b2d9a94a9da0d865394bf3bb99920
-
SHA256
8908918728286712e2f32e8319e75af0341d9c1bebe07ee460362d4752d6f1e8
-
SHA512
37aeb1430e2787f1d8e48bad4eddf3013aeec931c1cded6180f8d6a389e7bfe3f52768f7047abebdb300b3d9f83ab843079a77e7822014dc65274b62b795e353
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-