General
Target: 4ee17266201356e5ce8814e47808256ba1b5fc735f0b813241cf2ad49a1bf229
Size: 1.6MB
Sample: 220521-djh6bsfgd7
MD5: 8469e56c418e3f3472ef931ba0b988bb
SHA1: a41aa1ad2c1bf2819cee1d7808d78d89baa36362
SHA256: 4ee17266201356e5ce8814e47808256ba1b5fc735f0b813241cf2ad49a1bf229
SHA512: 2cda21f736f141e7517f769c7385b3a123c405a1b5944d73cd6c0eea9db85607c8a819e91effd4ce39b08e2155c9e6947dd4d2c538044efb11dc7b6e5fb70340
Static task: static1

Behavioral task: behavioral1
Sample: PO__2001.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: PO__2001.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: C:\Users\Admin\AppData\Local\Temp\8506BBE7FF\Log.txt (family: masslogger)
Extracted: C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt (family: masslogger)
Targets
Target: PO__2001.EXE
Size: 1.1MB
MD5: 7a849ed6586951b2f1ceccdd8df1c651
SHA1: 47f7a8da680561b6cef0cec8813848b11a9679ad
SHA256: b3a68a5f2b68c4d0bb8d440144a968a680c954976bfeec54ae8074f616c0aded
SHA512: 6046bdfd11f63e67f90d1468a4ab1b3a61c52887ac6f60d1468f66505b2865fd68c851fc2e5ed184f636968c09dc9f14568b7269dd8dcb70d133c8a0c0ca3cee
Signatures
MassLogger
  MassLogger is a .NET stealer that targets saved passwords in browsers, email clients and cryptocurrency clients.
MassLogger Main Payload
MassLogger log file
  Detects a log file produced by MassLogger.
Checks computer location settings
  Looks up the country code configured in the registry, most likely for geofencing.
Deletes itself
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to discover the infected system's external IP address.
Suspicious use of SetThreadContext