General
-
Target
a262a5a7fee574f02e945b10f56fb85946ec464af503c1cb26eb83e44afebcfe
-
Size
766KB
-
Sample
220521-phcspsaefk
-
MD5
347c25bbd44b8ccaec8ac61fc7ab63f2
-
SHA1
5c15431d3e7d149e8af8f4c914bb7ea7352cb7bb
-
SHA256
a262a5a7fee574f02e945b10f56fb85946ec464af503c1cb26eb83e44afebcfe
-
SHA512
f6168ff4c2a74a999045dc6e782ee947fdb845358b8cf7603870288339873dbd09bb416c4839360514d3f45820a09a2de2519f67a844f40db426b4d4e3037fc9
Static task
static1
Behavioral task
behavioral1
Sample
Enquiry.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Enquiry.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
-
-
Target
Enquiry.exe
-
Size
797KB
-
MD5
f71557e9155556d4f0ea0e03b307f11d
-
SHA1
a04a977026b26e1da0f43ba3fd6a1112df109db9
-
SHA256
1f4f66b6c25fcf9e510c93af0fb57942013de942175617a7b3a515709a44bed5
-
SHA512
8a575f1a4364f35d3187cb9eb117a7bfdbc4d152ce2a72bfbca4dc80f6007493109de56ec4e870a2486df30bd17904970f08c463119280df07b06f7d8c9596f7
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-