General
- Target: 557eb2fb58b6f85f4267282256f0f2d57e9f71fcb30ffb4bdea5dfb7f1c2ffc3
- Size: 669KB
- Sample: 220521-dgv24sfff2
- MD5: 4b5d789825f58cad5127c98c0ae2e919
- SHA1: ad78be891c12fe079742e4473ed48a1524bafe8a
- SHA256: 557eb2fb58b6f85f4267282256f0f2d57e9f71fcb30ffb4bdea5dfb7f1c2ffc3
- SHA512: 3672b8e7212edc6b69b490de060753bead19d091b392170b8ea22c1b11c54d128a119f44683af5f2f6018f46b8371ff22f9bd78b192c6c293ad530f8367198ad
Static task: static1
Behavioral task: behavioral1
Sample: Product Requirement.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Product Requirement.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Targets
- Target: Product Requirement.exe
- Size: 1.3MB
- MD5: 477dbc7864513238de5b49b63db51e60
- SHA1: 80501d41dd3453e76f335b540a3352165d2f3ffc
- SHA256: ed02a2653566d5a67a9b1863d02ed672b1947a6566cc61464f0d7a24ea335074
- SHA512: 49dce6611ae0d8b6d84d733e41bb405f71b542472a1d303ec0524950feab924d3e26b0daef5d1cbd7239fae65d49424a2d6455a398c4fdc023e62bfc7e984997
- MassLogger
  MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger log file
  Detects a log file produced by MassLogger.
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext