General
-
Target
38dc64b6cae87d41bfa98cd0f95d97d0c9e91ca9e9a06fbb721150a943e0a62e
-
Size
1.1MB
-
Sample
220521-dpv23sbbbq
-
MD5
6a4db70f52ffee8807ae0259d2a9602d
-
SHA1
91549cc1c9131b7b817477b816f414d48740b7c2
-
SHA256
38dc64b6cae87d41bfa98cd0f95d97d0c9e91ca9e9a06fbb721150a943e0a62e
-
SHA512
14b7d5d477f69dce20355be5cf17bda7202a273a701382f04db5165343fc69cccba1d5c8c3c0bbcea0c6ca2923745c72b5015c7224499f2fd19f5b6c3a285fe1
Static task
static1
Behavioral task
behavioral1
Sample
DHL.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DHL.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
-
Target
DHL.exe
-
Size
1.1MB
-
MD5
ac323e213c469608775d7c4a6f921d97
-
SHA1
f671a02e9bca87bf909808ea43cfd4306ce6f710
-
SHA256
ac5ebcd391d6b8a015e80ec1cad293374a5a26729b475de2d93f76cb6a3cb8c4
-
SHA512
25ce741055dd8ce3d8b1d1def4a47be0d59ab458b68e06d92cdb8ef0737bb017e6d2b3e6a6f3e8e47771673202c3587525e950cbc8d3c9d5d5e7d109b9e12a66
-
MassLogger
MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-