General
Target: 4df6f0119b5bca7108d167be278e7b72d295953d145e9cb9b927868a908f1275
Size: 994KB
Sample: 220521-djpccafge3
MD5: 75c82815ec1ee9e60d1e0505319faf47
SHA1: 48a78b2d41d406bcbe25cabe147a42ded45d4655
SHA256: 4df6f0119b5bca7108d167be278e7b72d295953d145e9cb9b927868a908f1275
SHA512: e6c2831498a1dbe9d1b8b2c6904fd4bfb151122fa0cf2ad745efdff67fa36e9c4d9ee12641ef28b2341ac640a791b55f3e73173465df1247e3e3b5c20d6533b3
Static task: static1
Behavioral task: behavioral1
Sample: SbOhNfBtuWBqGdy.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SbOhNfBtuWBqGdy.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted: C:\Users\Admin\AppData\Local\Temp\19E979543A\Log.txt
masslogger
Extracted:
Protocol: smtp
Host: mail.mytravelexplorer.com
Port: 587
Username: officeme47@mytravelexplorer.com
Password: 43K+H2..0_g^
Targets
Target: SbOhNfBtuWBqGdy.exe
Size: 1.1MB
MD5: 1da32c84d5a0932c2b42041ef77cdb21
SHA1: 634a8ee49be1a77581d8941116ae9e5905f96f36
SHA256: 29bf504889a98344e8f5199b18b4c86314c213de566a7671ddd55856c87c8cfb
SHA512: c7ec391de5723a29d9917ef812789fffb7643b6aeea71d7533b3478eb418f01d6e23e06679d50a45a99380b74422a379388ca85aeb1862e17353deb261f06235

MassLogger
MassLogger is a .NET stealer targeting passwords stored by browsers, email clients and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.

Suspicious use of SetThreadContext