General
Target: 12e7f4deb08d8ad253b59bb4d63f3f73705c4af7f564c5b5e8436e9034d29541
Size: 964KB
Sample: 220521-dzy7gsgfb3
MD5: c5fc792c3c170986c86f93ba25bb8824
SHA1: ae64511b247da1f82925ae596576898a5ffd1dc5
SHA256: 12e7f4deb08d8ad253b59bb4d63f3f73705c4af7f564c5b5e8436e9034d29541
SHA512: 549664ff77d16c825d18dea74139f48fc99a90686ff05e11253e0c8eeaa297cd2563f79466755f29f5751031db5c6d0be02499a967227f0775b05ee427989af6
Static task: static1
Behavioral task: behavioral1
  Sample: Fișă de plată 0005102002 20.07.2020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Fișă de plată 0005102002 20.07.2020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt (masslogger)
Extracted: C:\Users\Admin\AppData\Local\19E979543A\Log.txt (masslogger)
Targets
Target: Fișă de plată 0005102002 20.07.2020.exe
Size: 1.1MB
MD5: 3ccc6923e0cd1effbc2524ccf2edd208
SHA1: 8a09e63ddafc9d07dd8859ac2d0a4e10c7b7eef7
SHA256: f1321e05a620c4258dabb652cae6f4f5609c8f21c2fa187fa30bb126e46e50b6
SHA512: 6bef9b482e42e76a0318262cfdac53d6913712beebeef5d4aa34a190a34503ca3dc72bebb13d6f5a5642ccdb20bc06428dda42feb85d21ade6a035a6a1dca41e
Score: 10/10
MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
MassLogger log file: Detects a log file produced by MassLogger.
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext