General
-
Target
e13e69844f408a554bd0b8cac5fb83501d1873d62247f27d71c4209daef6ebb3
-
Size
783KB
-
Sample
220521-pekn5sfbd4
-
MD5
b837a926e7b2f95b1567b75471651c30
-
SHA1
bc0c1094b790f0b8e48fd9816c5a12d8d2cf5c62
-
SHA256
e13e69844f408a554bd0b8cac5fb83501d1873d62247f27d71c4209daef6ebb3
-
SHA512
a83993c3a075d2d65717f9313f1cbaa98133751fe60037d6e0a9f545d83b2cfd36668627e36ea9e32299a8e3cf4544b6a27fb3bc3cad235031a27f7e33647547
Static task
static1
Behavioral task
behavioral1
Sample
INQUIRY_RAW MATERIALS.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
INQUIRY_RAW MATERIALS.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt
masslogger
Targets
-
Target
INQUIRY_RAW MATERIALS.exe
-
Size
813KB
-
MD5
1623cf161d271e79e5c1e44090fca4f8
-
SHA1
6ae498b9d21be8bd26a9bf1fb5a53150ce54c467
-
SHA256
4f4e3e3c855256df5e4de448afc3c08fe1635ee8a1200e0ea2818210506f0319
-
SHA512
76eab242d3071bc6e60215dd2ddf78b6cdf874c235e62a58818c248a334af737478c790a8fe526645e3dbedfb2bfadd5e6af33cffa82f917b681ad6dea3872c5
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-