General
-
Target
4dea4adae2cca4200e5c12ef9f29b5b62ddf100b91d75ff99a42a4db46023cee
-
Size
832KB
-
Sample
220521-n26dpaeec9
-
MD5
7fc316bbcc6593563366e6911bf47e97
-
SHA1
eeb8d2a2a2597953bc5c41a1d3a171f4f6d947c9
-
SHA256
4dea4adae2cca4200e5c12ef9f29b5b62ddf100b91d75ff99a42a4db46023cee
-
SHA512
805d6d01b3dfe1fdababc41c090c0831064ad7e1123ee85155fdeb7a7d5781587d374e85a7f4c950272c64891b5ab2b2bb8c18e69839d7dd4d5ddb36d06f7a3b
Static task
static1
Behavioral task
behavioral1
Sample
Hesap hareketleriniz.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Hesap hareketleriniz.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\3B8E3C2477\Log.txt
masslogger
Targets
-
-
Target
Hesap hareketleriniz.exe
-
Size
1.2MB
-
MD5
59f619e37d60f82d7575236914115aa1
-
SHA1
d2dc034f8b5ad108c5c588d40f8937668fd72198
-
SHA256
724e4c39841778153489d4c665f37fd5f3baabe4f151b2e78ccbe585c6f5c5b9
-
SHA512
a5ab15cc6e6b8368d599f0a031353c597215ad8eb2cf8a22a3938bc9eb03babbcc52c96773faaa764271945350941f98003d285da9d1be85576b82d51efc31a8
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-