General
- Target: b73eb50389b6053796e922d764b9fd8b94d90d21c8c885ae265e6092ed971dd8
- Size: 840KB
- Sample: 220521-pgbt1sfcc2
- MD5: 5ae073de5fa4ca34eca9bc0da2beaa5d
- SHA1: 7faa42550fb32f8ada9bced524e2e1970a0483a3
- SHA256: b73eb50389b6053796e922d764b9fd8b94d90d21c8c885ae265e6092ed971dd8
- SHA512: 96e928bbfc14ac8b9390ecfd0a137240ac00a8cdaece41dbf88267569365e320fbc56ef13c524589f587023a172a378845d37f30f16466cdfa55570ce7e60707
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: RFQ.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
- masslogger
Extracted
- Protocol: smtp
- Host: mail.ucfblr.com
- Port: 587
- Username: narasimha.murthy@ucfblr.com
- Password: Nam@123s#
Extracted
- C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt
- masslogger
Targets
- Target: RFQ.exe
- Size: 899KB
- MD5: 87e11aa7db38adec3ae9bdf63bc503a4
- SHA1: 7adb67850e4e30293a685e0680930f7fa3d260ab
- SHA256: b8892e7eafba52a3b311d7741d89363ec9d52b8d1fd180ea32385be609a6b9e8
- SHA512: 5bddae5ab76df3057cd6f2fa9adab6f12d254e74d21d253b59e84675029fa8b408a364b3ca55a2f4b7a08ec3b29ed0b98730ab425a63c5baa4f8f08b48e87fd7
- MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger log file: Detects a log file produced by MassLogger.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext