General
Target: 9e3ac866e68d0d0c7d2922a5853eb07845d038c2c5a89e5b5b05bf06d15cb537
Size: 1.6MB
Sample: 220521-padd9sehe3
MD5: e1496bd35762536cc5c49c6d7b06228e
SHA1: 4aec0ee41057b4b2823e3bdb557024e1f7ac0b0e
SHA256: 9e3ac866e68d0d0c7d2922a5853eb07845d038c2c5a89e5b5b05bf06d15cb537
SHA512: bfcd6667c629c0061cc650caab1d2e49d2163db12c5496e4551caaf1750392faf550e01557afb6207293990b1968ae148fbc62e295b99d59f872d8d5955f79c1
Static task: static1

Behavioral task: behavioral1
Sample: PETRONAS.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: PETRONAS.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt
masslogger
Targets
Target: PETRONAS.EXE
Size: 1.1MB
MD5: 2937c3e8202ca5cbf7122653dfcdfc12
SHA1: 30cef95c63347fe0d18f8da85d4fed786839d867
SHA256: 9ee524a368973c7ab34281d50a8990a77a4c3c842c4db945cab0b7102714d5bd
SHA512: e8e78f050270122889b78c59bd7f0f40e4039b69160fed6f1d4f8653def2e2c58f291ccb77682b5ab82f66cff7132aa39bce46e9054187c592edf8e711bb8db6
Score: 10/10
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext