General
-
Target
3d6c42cafbbcb96f6bd42158290f51c6bc6b9ea7470fe27a9326f998acea91ea
-
Size
842KB
-
Sample
220521-dnr9ssgac8
-
MD5
66cd5d0e42e50c1bfd40c9b32f4675da
-
SHA1
e220b6b1c60297ce252dc26280584a1a72b768a9
-
SHA256
3d6c42cafbbcb96f6bd42158290f51c6bc6b9ea7470fe27a9326f998acea91ea
-
SHA512
f7005b9bfc4a8dde2afbf7ae510cd7e1749883aa8b9f156af58655d83cda947fb65249124138e08102c93cd2e2c732f63bd0e45ef77999c831a7fdf4406db930
Static task
static1
Behavioral task
behavioral1
Sample
Attached Products Inquiry.doc.z.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Attached Products Inquiry.doc.z.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: bodycaress@yandex.ru
Password: publictalkdycaress2
Extracted
C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt
masslogger
Targets
-
Target
Attached Products Inquiry.doc.z.exe
-
Size
883KB
-
MD5
f2209b14ae0829869f16b7dc0c78c813
-
SHA1
987e30e37d99b08d9d22e199108893cf01ee24a9
-
SHA256
8fd65d51cacf70ad39a95d0c7e89af58c406bce0a61f1365ba7889475e0e1218
-
SHA512
8bbf5abcdf24e3aefc20416bc5b7afe89549aa42c5b28e05fb7a009bbed0a3651d7240d84fc7b44fad9b6fc8857d93f36f5b0f2d93f923918a85e5a90b5f17c9
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-