General
Target: 4e002ce22b5c5778b1f1761aa0e50e4841f708b5754b825fbcc359403c9e0155
Size: 990KB
Sample: 220521-n65b7aega9
MD5: 8e59ab04ce35619878226a27062623fd
SHA1: 214b2b1f6576d8039c8bf736e23030861a00057c
SHA256: 4e002ce22b5c5778b1f1761aa0e50e4841f708b5754b825fbcc359403c9e0155
SHA512: 1ce11da520c7a653911f1962d4cf031581e01e98d8d5460af53214145001b6707312378078374e80b34e53f68bd89bdbfc6b2a3dced9657a6530415017049917
Static task: static1
Behavioral task: behavioral1
  Sample: inquiry Nasser Al Falahy.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: inquiry Nasser Al Falahy.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
Protocol: smtp
Host: mail.samlogistics.pk
Port: 587
Username: imp@samlogistics.pk
Password: Seaimport121@
Targets
Target: inquiry Nasser Al Falahy.exe
Size: 1.0MB
MD5: a553824d8e07c030ee3d8c8c7ffbde82
SHA1: 105230ce033771a93e3be121bcbb2b1511ceb008
SHA256: 5a08d0f514ac2efd07cc045c1b896cf7c6426dd0013ad523a14bbdbce2b25edd
SHA512: 854c2af6efe2ff5bfb00b7d10dd3d2a0a682ba746180a4d38d4fc9761ffe508867a7827103379c9b32b8cc8b9ceb79cbac80e1bad3e70cecbd0aa335f93bbeab

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

MassLogger log file
Detects a log file produced by MassLogger.

Modifies visibility of file extensions in Explorer

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext