General
-
Target
a96a475be3398490fb0cb4e92cb758e7c8bba0f866f8fec08349043c7ea8313c
-
Size
1.9MB
-
Sample
220521-nf7dvsggfq
-
MD5
0d16e908f991fb5a9ce6dbbabe4d9aa6
-
SHA1
7576d951e4d4ef00bc204581068d163b6d7adfe6
-
SHA256
a96a475be3398490fb0cb4e92cb758e7c8bba0f866f8fec08349043c7ea8313c
-
SHA512
a553f492938026c25cc738ef64a7530f50f9f8b5923c14535d86fd1c3c5cd94121f756021b2763cee71c5468cefca7a162e0d60242aab9e3bdb28fd707f0e32d
Static task
static1
Behavioral task
behavioral1
Sample
Emailer ? Quarterly Tax Returns for April and March 2020.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Emailer ? Quarterly Tax Returns for April and March 2020.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
Emailer ? Quarterly Tax Returns for April and March 2020.exe
-
Size
2.3MB
-
MD5
48beacc3662cc5784bb8bd925958f50b
-
SHA1
c17b246dbbaa86c3e252b2978ce747456cfba241
-
SHA256
6033acde8c4bde98b22ad4e45db8bc34123e794019b42750a3430ba97e33c804
-
SHA512
68757d4af66fb544321cf25ec10695fd3d6e9bbc89b3bcdde27c3fde49f7c85998976a2ee6c32cbb18a3a6cac9c08d9c7e4444796a03364bf1803256226d9042
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-