General
-
Target
c6fe57e614145a93c0228f4fa22f26187f0c70bd373e5d4e59a93172ba9520f0
-
Size
851KB
-
Sample
220521-pfr5lsfbh8
-
MD5
799304b72964c244c7a1c12398505140
-
SHA1
09fdbcaf6973d769599b6270c46ef14fe3f2b508
-
SHA256
c6fe57e614145a93c0228f4fa22f26187f0c70bd373e5d4e59a93172ba9520f0
-
SHA512
e4030c230568619c5f5804be49b79c06f01dea572337c1b830181c533622d0b2e2f735606795b3d15c0212c701b6204d1fdb2b39649eed3d3e874c2bd7793c29
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
-
-
Target
Order List.exe
-
Size
937KB
-
MD5
f7ce9ae72c2106ca0b0b85188b43f758
-
SHA1
0a542637796e19ea1cb3379471ba69fcdd9b239e
-
SHA256
112d707367a7101031fb617c9514187ca68b817a27b6b6a2ecc1b737dc974a1a
-
SHA512
9acc72e4fbaaea6b720e9da0d6649d55d18e201d41d252a8e62dde77a5b4a9e709ffbaa2ca533217176c149c485e6a4390a402ebce29aa91af0cb6d957d8ede2
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Looks for VirtualBox Guest Additions in registry
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-