General
Target: 50917f02e651e561e9bf8bdcbfd3d7603fe9c6ea08a08d9953967500fcf864c2
Size: 476KB
Sample: 220521-dh7gjafgc4
MD5: 0868eed0dbd6a06a76bbcd047e6d2760
SHA1: a09cda0a34ccdcaec6d1be2b0ec5c174391aff74
SHA256: 50917f02e651e561e9bf8bdcbfd3d7603fe9c6ea08a08d9953967500fcf864c2
SHA512: f881dd32277fdfd67fdfc735785b419889d20432ec565f802f1b477fe6f7b053cbb5e6590385f087da2fd71544239cfe34eb0737e0a189580275ca5de38a548b
Static task: static1
Behavioral task: behavioral1
Sample: 952110_2020713.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 952110_2020713.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\781F780B4E\Log.txt
masslogger
Targets
Target: 952110_2020713.exe
Size: 1.3MB
MD5: 52e2dd01e70bce5aac4f44e19c2876e1
SHA1: bf7326838f7b86565769f1c122bdebbbf5b6a097
SHA256: f486c5d5fe3c9341cd331a8e6a68102a9bd7a9e7864c5179948c585806828006
SHA512: 1ab82d5d08de1f877ec4c45d75597f4d584460bf37c6e8e271f6ebc74a452f14b39c84cc22b2bf8a3fadeaa53f87881dcacafeeedfcaf500d34e09a8f659ddbd

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

MassLogger log file
Detects a log file produced by MassLogger.

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Accesses Microsoft Outlook profiles

Adds Run key to start application

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext