General
Target: 38816306d8ef0a7fba0de311f98cd8d5adfd15749a5f4995294ff0c3a34c1e76
Size: 638KB
Sample: 220521-dpz12abbcm
MD5: e5a7f1ea29738d1e2402ac0afe7d05d1
SHA1: e58991e2d5453d3c19baf6f6adda2f86a66ec2ff
SHA256: 38816306d8ef0a7fba0de311f98cd8d5adfd15749a5f4995294ff0c3a34c1e76
SHA512: 6743a2d105cb1ac94c5a01fd16395fb99551ab75b514c261e3a1f1ce678c199973daca419521db26ca1c50aa50cf83def07ca31aaebbabcaa57c1f443deaa744
Static task: static1
Behavioral task: behavioral1
Sample: Dijk Natural Order.pdf_____________________________________________________________________.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Dijk Natural Order.pdf_____________________________________________________________________.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\3B8E3C2477\Log.txt
masslogger
Targets
Target: Dijk Natural Order.pdf_____________________________________________________________________.exe
Size: 1.6MB
MD5: e7c451f315b71a66a7664da405c678f4
SHA1: 523a306ff0b072ce178b1e6e42336bfad604f3f1
SHA256: 797c64ffd02f4ed730fc195028cfe6b82928403e75a94d14f8f8de87510818e0
SHA512: 86b725fbdabb35b99963c8689e23240cceb2430ebde0bec2c2ea44b3433fa06fb11c8d73d6f7d4f6bba450cd2f2a331de98e9eb7a50f7726170ba34da484ba5f
MassLogger: Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
MassLogger log file: Detects a log file produced by MassLogger.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext