General
Target: 3e9e01606f941f5382aef016c7633ccba552e9147f3aafe637791294775b2c17
Size: 1.3MB
Sample: 220521-ntynwaebc8
MD5: 9386198fec7123c9b59810be36929e5d
SHA1: 997fdcb79252a1e19da9bc66daeac51da3265276
SHA256: 3e9e01606f941f5382aef016c7633ccba552e9147f3aafe637791294775b2c17
SHA512: eebb3df7806e8930747d05edc079d98599c4d6780f11b56d37ef872d664ce7c54e9ff40977323af607a9ee64269c880958bbf7e059beab78332da544b856561c
Static task: static1
Behavioral task: behavioral1
Sample: IDBI BANK 22.05.2020.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: IDBI BANK 22.05.2020.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: m4cfund@yandex.com
Password: Dmacdavid
Extracted
C:\Users\Admin\AppData\Local\Temp\781F780B4E\Log.txt
masslogger
Targets
Target: IDBI BANK 22.05.2020.exe
Size: 2.7MB
MD5: edc942f083bb76a8697fe2ea964ea802
SHA1: 5735d65c8ca05aae13090d434cd352f6bc3fb35b
SHA256: 8b74dcd5ef2fc40d86bc26ed2385d80ab520ad845a4c1b101f3ba13ff36fb35e
SHA512: 191aa81cd43a5d41f4d93aa93db82c61096de5665ae218a7bcd97e7ba1100162f007ef616da033ce20a1537ac87f45f700fd006015a778327b5ca2421a5df734
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-