General
Target: 04ef0a62b8d14320163fa5bd84f000d05cbecffe1f65adfac23db9825c7f10ba
Size: 965KB
Sample: 220521-pcs8hafae5
MD5: 9996c0a8f002d832a13982d98daf3d73
SHA1: f82ed2889df0b08462b1c3a97e34335211db11ca
SHA256: 04ef0a62b8d14320163fa5bd84f000d05cbecffe1f65adfac23db9825c7f10ba
SHA512: a0f7b93eaefcedc1de197c6ae5aa75c25ffc3b86768c7c2c99c565c2c1186b048f14dc1efcbf0a9ab334646895434018a30c8369759dc8f5ead56a4a90cbc8ce
Static task: static1
Behavioral task: behavioral1
  Sample: scan00465.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: scan00465.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  Path: C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
  Family: masslogger
Extracted
  Protocol: smtp
  Host: mail.saritatravels.com
  Port: 587
  Username: [email protected]
  Password: sumits%$321
Extracted
  Path: C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt
  Family: masslogger
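The extracted configuration gives two kinds of indicator a defender can act on: a host-side one (the log file under %TEMP% in a 10-hex-digit folder, seen twice here with different folder names) and a network-side one (SMTP to mail.saritatravels.com on port 587). The Python below is an added example, not part of the sandbox report and not MassLogger's own code: it turns those observations into two detection rules and runs them over constructed telemetry lines. The pipe-delimited line format and the sample lines are assumptions standing in for a real EDR or Sysmon export; the username is redacted on the page and is deliberately not used as an indicator.

```python
import re

# Indicators extracted by the sandbox from this sample (see the Malware Config above).
EXFIL_HOST = "mail.saritatravels.com"
EXFIL_PORT = 587  # SMTP submission port from the extracted config

# Both extracted log paths have the shape %TEMP%\<10 uppercase hex digits>\Log.txt.
# The user name and the hex folder name vary, so match on the shape, not the literal path.
LOG_PATH_RE = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\[0-9A-F]{10}\\Log\.txt$",
    re.IGNORECASE,
)


def is_masslogger_log_path(path: str) -> bool:
    """True if the path matches the MassLogger log file location seen in this run."""
    return LOG_PATH_RE.match(path) is not None


def parse_event(line: str) -> dict:
    """Parse one constructed telemetry line (assumed format, not a real EDR export):
    file_write|<path>|<image>   or   net_connect|<host>|<port>|<image>"""
    fields = line.rstrip("\n").split("|")
    if fields[0] == "file_write" and len(fields) == 3:
        return {"type": "file_write", "path": fields[1], "image": fields[2]}
    if fields[0] == "net_connect" and len(fields) == 4:
        return {"type": "net_connect", "host": fields[1], "port": int(fields[2]), "image": fields[3]}
    raise ValueError(f"unrecognised telemetry line: {line!r}")


def detect(lines) -> list:
    """Return (rule_name, event) pairs for lines matching this sample's indicators."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev["type"] == "file_write" and is_masslogger_log_path(ev["path"]):
            alerts.append(("masslogger_log_file", ev))
        elif ev["type"] == "net_connect" and ev["host"].lower() == EXFIL_HOST:
            # Any contact with the exfil host deserves an alert; the port from the
            # extracted config is the high-confidence case, anything else is still the host.
            if ev["port"] == EXFIL_PORT:
                alerts.append(("masslogger_smtp_exfil", ev))
            else:
                alerts.append(("masslogger_exfil_host_other_port", ev))
    return alerts


# Constructed sample telemetry, not taken from the sandbox run.
SAMPLE_LINES = [
    r"file_write|C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt|scan00465.pdf.exe",
    r"file_write|C:\Users\Admin\AppData\Local\Temp\notes.txt|notepad.exe",
    r"net_connect|mail.saritatravels.com|587|scan00465.pdf.exe",
    r"net_connect|MAIL.saritatravels.com|25|scan00465.pdf.exe",
    r"net_connect|www.example.com|443|msedge.exe",
]

if __name__ == "__main__":
    for rule, ev in detect(SAMPLE_LINES):
        where = ev.get("path") or f'{ev["host"]}:{ev["port"]}'
        print(rule, ev["image"], where)
```

The host match is case-insensitive and port-independent on purpose: the mail host is the stable indicator, while the port could change between builds. The log path rule keys on the 10-hex-digit folder rather than the folder name from this run, since that name is generated per infection.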
Targets
Target: scan00465.pdf.exe
Size: 1.2MB
MD5: 52555fd6673c6f44b7b57d6e1833d1ef
SHA1: 6c7dc7a759845917b43da8d5dd73e8f34623adff
SHA256: 9ae31235da17306c07a77f94a3541a835f0033df9bc7636a39c984e8cea9e72a
SHA512: a217c4dc99f575c76d3894f2a4e78d810d00a8e5423093c3e9e622b4f94f46261efb74be76278d72c139f0196d20774ecc0ceb2f670768932fcf4e439df38847
- CoreEntity .NET Packer
  A .NET packer known as CoreEntity that embeds its payload as a Bitmap object; the bitmap is read back and decrypted at run time.
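The packer description only says that the payload lives in a Bitmap object and is decrypted later. The Python below is an added illustration of that carrier technique, not CoreEntity's own code and not from the sandbox report: it builds a 24-bpp BMP whose pixel bytes are a payload under a toy XOR, then recovers the payload by parsing the BMP header and walking the pixel rows in the order a .NET stub iterating Bitmap pixels would see them. The XOR key, the 4-byte length prefix and the choice of an uncompressed BMP carrier are assumptions; the page does not state CoreEntity's cipher, framing or image format.

```python
import struct

# Assumed stand-in for whatever CoreEntity actually uses; the page does not give its cipher.
TOY_KEY = b"\x5a\xa5\x3c"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def bytes_to_bmp(body: bytes, width: int = 50) -> bytes:
    """Pack arbitrary bytes into a 24-bpp, bottom-up BMP (3 bytes per pixel).
    BMP rows are padded to 4-byte boundaries and stored bottom row first,
    which is exactly what an extractor has to undo."""
    used = width * 3                      # payload bytes per row
    stride = (used + 3) & ~3              # on-disk bytes per row, 4-byte aligned
    height = -(-len(body) // used)        # ceil division
    body = body + b"\x00" * (height * used - len(body))
    rows = [body[i * used:(i + 1) * used] for i in range(height)]
    pad = b"\x00" * (stride - used)
    pixels = b"".join(row + pad for row in reversed(rows))
    file_hdr = struct.pack("<2sIHHI", b"BM", 14 + 40 + len(pixels), 0, 0, 14 + 40)
    dib_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    return file_hdr + dib_hdr + pixels


def bmp_pixel_bytes(bmp: bytes) -> bytes:
    """Return the pixel bytes of a 24-bpp BMP in top-down row order with padding removed,
    i.e. the byte sequence a stub walking Bitmap pixels row by row would see."""
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP")
    pixel_offset = struct.unpack_from("<I", bmp, 10)[0]
    _, width, height, _, bpp = struct.unpack_from("<IiiHH", bmp, 14)
    if bpp != 24:
        raise ValueError("example handles 24-bpp only")
    top_down = height < 0                 # negative height means rows are stored top-down
    height = abs(height)
    used = width * 3
    stride = (used + 3) & ~3
    rows = [bmp[pixel_offset + r * stride: pixel_offset + r * stride + used] for r in range(height)]
    if not top_down:
        rows.reverse()
    return b"".join(rows)


def pack_payload(payload: bytes, key: bytes = TOY_KEY) -> bytes:
    """Encrypt, length-prefix (assumed framing) and embed a payload in a BMP."""
    return bytes_to_bmp(struct.pack("<I", len(payload)) + xor_bytes(payload, key))


def unpack_payload(bmp: bytes, key: bytes = TOY_KEY) -> bytes:
    """Recover the payload from a BMP produced by pack_payload."""
    raw = bmp_pixel_bytes(bmp)
    n = struct.unpack_from("<I", raw, 0)[0]
    return xor_bytes(raw[4:4 + n], key)


if __name__ == "__main__":
    # Constructed stand-in payload: an MZ header followed by filler.
    payload = b"MZ" + bytes(range(256)) * 3
    carrier = pack_payload(payload)
    recovered = unpack_payload(carrier)
    print(len(carrier), "byte BMP ->", len(recovered), "byte payload, MZ ok:", recovered[:2] == b"MZ")
```

Two details matter when adapting this to a real .NET resource. The Bitmap inside a .resources blob is usually PNG-encoded rather than a raw BMP, so the pixel bytes would come from an image decoder instead of the header parse shown here; and on-disk BMP pixels are stored B,G,R while Bitmap.GetPixel exposes R,G,B, so the channel order has to match whatever loop the stub uses, or the decrypted output will be scrambled in groups of three.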
- MassLogger
  MassLogger is a .NET stealer that targets saved passwords in browsers, email clients and cryptocurrency clients.
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up the country code configured in the registry, most likely as a geofence so the sample can avoid running in certain regions.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext