General
-
Target
bc501d3b47f591276bfa86741e6891f0141d5fbfa63f0f506b5eb1bb34a1c9a6
-
Size
812KB
-
Sample
220521-ng577adfh6
-
MD5
8adc3c89dd43c779ac4d3ce8c8be6af0
-
SHA1
0a3e0fd0ba7a9089ba9610d158f1e86ed16f39f4
-
SHA256
bc501d3b47f591276bfa86741e6891f0141d5fbfa63f0f506b5eb1bb34a1c9a6
-
SHA512
96d3ce340b5fe2bb01b5af1c90ec700e355b8ce4116fac065a532deb6c9257948acaf116d7df05dc2df1fa90c84d25da6092b516d14046595612742351564c4b
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Targets
-
-
Target
Contract RequestPurchase Order.exe
-
Size
862KB
-
MD5
983c9501317f9b4091073e067900afb3
-
SHA1
62f508b5fb7e80f5b755e5c6b351d244ddfce74f
-
SHA256
7bb0368333b8dc8c6b4c422f11c02ec43d385547b460c2f1f8cf78013521a2f5
-
SHA512
b587eb07df4d9388f28764340419e7981e6b47c76e58fb26305b1c952623d05c42c4a7886ccc6c50ea57148a561f5909bf8282afb1883f253cb6eb94e179a7d0
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Looks for VirtualBox Guest Additions in registry
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-