General
-
Target
9cb29fc1bad08e18786a11459ccbe677873e450052ad8f8384f980351eff9f3f
-
Size
725KB
-
Sample
220521-phjagsfch4
-
MD5
e60a6594a2946bd43120070cc2de71b8
-
SHA1
dc43d84f70f5b897221cbcd23d34b97ea80d4b88
-
SHA256
9cb29fc1bad08e18786a11459ccbe677873e450052ad8f8384f980351eff9f3f
-
SHA512
659670c32630dfb246e53af014c7468831dfd2d097e5403b8f8e20ec7d3e2be1b704525401ff1ddcdc26bfc52ae4d03035b65833e39b8979b70ab53d5902942c
Static task
static1
Behavioral task
behavioral1
Sample
payment_authorization.scr
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
payment_authorization.scr
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt
masslogger
Targets
-
Target
payment_authorization.scr
-
Size
781KB
-
MD5
27274675f453b4cdc272d23a984b6302
-
SHA1
b027a17a65755cdb0dfb6fef0bc9371ccbefd629
-
SHA256
9e9f06f1259bee66e0a0c2b3b92cb74fe17c06b48ea0781c978c23f7ecfbcf79
-
SHA512
46fa463542afb5f4fc880bab515d12cfd617df478608874d34e5475337c0aab2934956206aa9b6c80ef75657677c6763b499fc5b3da205730d24314df7ad092b
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-