General
Target: 3be36c0b240bf371841a1a6d168dbab2f1f99d408d0dc8825565d4f5dac2fcf9
Size: 779KB
Sample: 220521-dn49csgad9
MD5: 5575024e4fee3981795135dfff1179bd
SHA1: 1e757be2b10039690499ccd81228a1b8c1cb9d56
SHA256: 3be36c0b240bf371841a1a6d168dbab2f1f99d408d0dc8825565d4f5dac2fcf9
SHA512: 9af9b6b49a6b555ef4d38ffe3fe03e21d75d4e6f036a42d67799319b6a3622f24db54aa865ea21d4d59443d06f79e06e0faba924d43396ccecefa9c971471735
Static task: static1
Behavioral task: behavioral1
Sample: Commercial Invoice Associated Bearings shippment.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Commercial Invoice Associated Bearings shippment.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
Target: Commercial Invoice Associated Bearings shippment.exe
Size: 813KB
MD5: 2ea9a5352638c9c6430047177dc5a5c1
SHA1: 9ad903dc1f854293f10fdfb85ff1a3839fdc7751
SHA256: 9100a66246aa52a3839f411bcf8763f423abd9ae1ac664ea0435d23bc0e6f03f
SHA512: 4a6ca927613d4b37b515c8bdcdd0ca13573f3dc517ec662211ab2aa31a76c0046a51ab80f36335371d421e34baae5dc13d47aea9e4a4b385a4ed4fc8bc5e310a

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

MassLogger log file
Detects a log file produced by MassLogger.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext