General
-
Target
c35efac9d16552df2c7020672b7a1b10f18922aa7c52b1f2b9418a2fa2802570
-
Size
1.2MB
-
Sample
220521-nc8gragfbk
-
MD5
0702d67039d4a679a0827f0fe234a18f
-
SHA1
7e706601b1ce37947451bf0e1ada40be2cdef351
-
SHA256
c35efac9d16552df2c7020672b7a1b10f18922aa7c52b1f2b9418a2fa2802570
-
SHA512
648469f430fba77be83782b29fe4f184bade06f87ef5fada6de3c7d2fa21f62dc615a29cd084b41cfa66d82d054d655a645d40e23fdcb8661d9697d8a019dc9a
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
m4cfund@yandex.com - Password:
Dmacdavid
Extracted
C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt
masslogger
Targets
-
-
Target
Erenrcompany.exe
-
Size
2.3MB
-
MD5
97ce671821460fdb8d39cafd4465cd90
-
SHA1
abcbc042a758985fd3ea04af3945de5f0944dc60
-
SHA256
50ff0aae0a9f7c1fc39e15483e5ebf8235d18c9d9ef2a5bd75a538c0a42e444e
-
SHA512
9d8b9e7ac98b77950fa904e83d7351ca5003145a7a3312d35ddd8d33d4ab853ac33cb87890538ae1212ca52c2e6f9d2853f79e1a4cf28ba079d6d1cad05df754
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-