General
Target: 4464f85e92b417a3ac8cd3a4578cc4557f9cf9df36240052605dba93a4968571
Size: 850KB
Sample: 220521-n83ldaeha2
MD5: 5269cebe4f267fbd1f0def6870b8f3fc
SHA1: 10b821f502ac01ccfffe07a8afe413ca7ce99c66
SHA256: 4464f85e92b417a3ac8cd3a4578cc4557f9cf9df36240052605dba93a4968571
SHA512: f6bc8e2d2e7ee3e559e67e0057382c2c2e4d755cf06e40bec8835d6ab1b2ba82c95e3642f2dc7a85bf847b816c362445e14c4212d386ef3454861b572c0302f4
Static task: static1
Behavioral task: behavioral1
Sample: Company Info.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Company Info.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: m4cfund@yandex.com - Password: Dmacdavid
Extracted
C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt
masslogger
Targets
Target: Company Info.exe
Size: 1.0MB
MD5: 49c568fb7de5bb77140ab3b40e54fdff
SHA1: 6d74dbf23a857e11d9a30a28e2ebe7dc3b74735a
SHA256: 77f7dd01dbc1cfa243fc8301937058094b3c02ffb3f18e8dd7b3221723705049
SHA512: de918d8654df77256b5a7036c8c5e969605c2744e160b58cb5bd86e0abcf691c9f55bff43299b3149152ce5c02191c9b8e56b4254dad7e9dea2c7dc7b41489de
Score: 10/10
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext