General
-
Target
c164654ca1dfb82339fc77a71dd10b14f0ae3ee59b3fc0778453da33594b7768
-
Size
789KB
-
Sample
220521-n1kqlaede6
-
MD5
552a46f4c04052fbd4bc917d569624b7
-
SHA1
808a648db55e3da08933ff97ba54b4b812d0c96b
-
SHA256
c164654ca1dfb82339fc77a71dd10b14f0ae3ee59b3fc0778453da33594b7768
-
SHA512
db88010399a0de9a0efed7f77730e633522142332087f384f06be66f22b6832dd693b78c8f89bb1dbebd427b57ac17781ff3f502f48e6005436036d7877b4e81
Static task
static1
Behavioral task
behavioral1
Sample
PO 0856.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO 0856.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
-
Target
PO 0856.exe
-
Size
826KB
-
MD5
d67f23392b5e1640bd691a86d77f3069
-
SHA1
4d5944a0a8ac2ae68caed78133958b8c4fdf1dbd
-
SHA256
54c429599d77052c7db47b68ac4c028065c4cabe7645ced48300a3ad774414ed
-
SHA512
b60d393e27f764ea7bcd43c43f67f58a9db326820382f6dc2b19660f09471bac0a9844b85030693af02101afd9ddca608dedcfff03c8ad99c4c25aa6a012c429
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-