General
Target
f0efc375612e351ab0fc7cdb2ca1da8d95299b63811b6ae03a88719bc01f309d
Size
831KB
Sample
220521-nykmtahdfq
MD5
09bf8391add1b924c9ce611570108248
SHA1
a2bfee4a27d0e9ebfe0f10e909889bd8784a2bf8
SHA256
f0efc375612e351ab0fc7cdb2ca1da8d95299b63811b6ae03a88719bc01f309d
SHA512
330325f46b03b9349372e239163d52274715399e06f2048ae73d70cf7bb0895047f6a7b4d2a33b99710ea2de84f43d522140c5c5f471ba4aefbafdcb173aa33f
Static task
static1
Behavioral task
behavioral1
Sample
Offer 2020.PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Offer 2020.PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.izgikrom.com
Port: 587
Username: muhasebe@izgikrom.com
Password: Krom544725
Targets
Target
Offer 2020.PDF.exe
Size
866KB
MD5
d5ab2ed98b96b2f8053b3731055d3e83
SHA1
5509127c6cca22bb9f0c57e5ad0c2a210d3c665a
SHA256
d6474b32515b922b6bcea229c97c7785566dbbc0f598aedcb58dbde3795d22e1
SHA512
2c2a5503b57f239e6af8841c39875f252e6f44cbd2326faf744ccfe5e5e0efc067ecd397ea425da98bb0d51fda095035b07461c79b495cfa4779fe901935309e
Score
10/10
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext