General
-
Target
e50a804199c2303cf419613432fcc39612d644a0373e72e5b15a96b56a0521d6
-
Size
865KB
-
Sample
220521-ndsspagfdj
-
MD5
7545cbee396441ca0ce3c2cf16f8f6b7
-
SHA1
f2bd5bc0d2e6169719fab44f600bf52134113289
-
SHA256
e50a804199c2303cf419613432fcc39612d644a0373e72e5b15a96b56a0521d6
-
SHA512
9e20de916b8da35f734aedb0bc07d37b49d248a57c2fb875c3ceeb8055ca7c05e7392f06bbaaa0b456f8ed39c12221a899912fd6b7c1d41a1471a036501d91ef
Malware Config
Extracted
C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
domainname170@gmail.com - Password:
08085892400
Extracted
C:\Users\Admin\AppData\Local\8236ADF044\Log.txt
masslogger
Targets
-
-
Target
Purchase Order Sample.exe
-
Size
1.1MB
-
MD5
2a3f68d64b40b2b1ab652183adcc69d4
-
SHA1
59365b442e3be214cd76ae164daaa47e0d52fb99
-
SHA256
1590167d71c9cd4bdacf01d5e56fb3b4315ddaf7ede3dc270de784a7ec12f2dd
-
SHA512
9b195df8e8531aaca6a8ea5b5163ae1cd05a2b69be23c18fb486439b7cb6fbb8dac57c8dff86677a274b58605161faa871c949d8cbb682b6b0f3c6cb501bb33f
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-