General
-
Target
2d7635267f2d61a1f505e1ce8e760361f45ecb398a633e142bc2f446766229e4
-
Size
757KB
-
Sample
220521-dsy8xagcd3
-
MD5
03919aebf0b8fd7b7b4055116ae509a9
-
SHA1
2108c4cbf4e5a544e59115740d4b43f58cadc15f
-
SHA256
2d7635267f2d61a1f505e1ce8e760361f45ecb398a633e142bc2f446766229e4
-
SHA512
805b68c7aebd2d60b08b6540e197364f61b62f54ab502019a5999e3b38e52e94817bb79e2f969fb26d23feada2959572a814f2f52414d83186c44d1e227880d8
Static task
static1
Behavioral task
behavioral1
Sample
SCAN 0004_DAC cable inquiry Project lists_EML.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SCAN 0004_DAC cable inquiry Project lists_EML.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\8506BBE7FF\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt
masslogger
Targets
-
Target
SCAN 0004_DAC cable inquiry Project lists_EML.exe
-
Size
785KB
-
MD5
6a27f551bdad73b4304c1315f303f03b
-
SHA1
f570bea0bc397ec47b8f35c4abc89846fda6841f
-
SHA256
7485d0901ff7712ac62ed00e1b0964d9656d73d1b916f399fba125753f50c05d
-
SHA512
41fc27ba89c81f6724a0af33baa637646d5e98bb7f54b8e2c61d864c94e058b51031371f109c26b29d8815d0469566520cbeca1f703a54f993562bb5c96cc92d
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-