General
-
Target
98b94a69e5bbb73e9ed6c65f1aa949b50ecb4e3b779316fe09f6b80a7f4614e9
-
Size
1.9MB
-
Sample
220521-phl2dafch7
-
MD5
70d09bbaa8cfc229ff808ea797f15dda
-
SHA1
89f7ab042971b36e5711402badbc1b2cbf762d5d
-
SHA256
98b94a69e5bbb73e9ed6c65f1aa949b50ecb4e3b779316fe09f6b80a7f4614e9
-
SHA512
4771cfe94dd41e0b855dad06568d471bbc0466275b5d91779a9105b3f64c951a4adadf8da18215ba1a9c75d196c55b1a1450e16907df7bb02e591613b2d645b8
Static task
static1
Behavioral task
behavioral1
Sample
PO__3048.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO__3048.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\2EF8342664\Log.txt
masslogger
Targets
-
Target
PO__3048.EXE
-
Size
1.3MB
-
MD5
e1b530b53135e5f15c6ee5e07818d3dd
-
SHA1
867fc34d7cb6c28838ec7210a51064e39e7b573a
-
SHA256
291acc1800bb543e73f85a5ec925fba62d9af86f75091fd7993c20d4fe78e22c
-
SHA512
ed3ca3b5c6d257cc5ba2a2f59dbde002c37c1f1b45f5e5a241bff0dedf7cef8ad501b6c0569967390248534a1b13d1e851875ce118cad92182cdd2bf1c31bd15
-
MassLogger
MassLogger is a .NET credential stealer that harvests saved passwords from browsers, email clients and cryptocurrency wallets.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.NET commercial obfuscator, which performs entity (symbol) renaming and control-flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
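As an added example, not code from the sandbox or from MassLogger, the following Python shows how three of the behavioural signatures listed above can be matched over a captured API-call trace: the registry read of the configured country (Windows stores the GeoID under `HKCU\Control Panel\International\Geo`), a request to a public IP-echo service, and the process-hollowing chain that makes `SetThreadContext` suspicious (child created with CREATE_SUSPENDED, written to with `WriteProcessMemory`, then its thread context replaced). The trace format, the `target_pid`/`child_pid` correlation fields, the list of IP-lookup hosts and the trace contents are assumptions constructed for the example; the report does not expose any of them.

```python
"""Minimal behavioural-signature matcher for sandbox API traces.

Added example: the rule names mirror the report above, but the matching
logic, trace schema and host list are assumptions, not the sandbox's code.
"""
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit used by hollowing loaders

# Assumed list of public IP-echo services (the report names none).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ifconfig.me", "ip-api.com", "checkip.amazonaws.com",
}

# Registry key holding the configured country (GeoID, value name "Nation").
GEO_KEY = r"hkey_current_user\control panel\international\geo"


@dataclass
class Call:
    """One API call from an (assumed) trace: name, arguments, calling pid."""
    api: str
    args: dict = field(default_factory=dict)
    pid: int = 0


def check_location_settings(trace):
    """Fire when the sample opens or queries the Geo registry key."""
    for c in trace:
        if c.api.startswith(("RegOpenKeyEx", "RegQueryValueEx", "NtQueryValueKey")):
            if GEO_KEY in (c.args.get("key") or "").lower():
                return True
    return False


def check_external_ip_lookup(trace):
    """Fire when a network call targets a known IP-echo service."""
    return any((c.args.get("host") or "").lower() in IP_LOOKUP_HOSTS for c in trace)


def check_set_thread_context(trace):
    """Fire on CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory into the
    child -> SetThreadContext on that child; a lone SetThreadContext is not enough."""
    suspended = {}  # child pid -> True once memory has been written into it
    for c in trace:
        if c.api == "CreateProcessW" and c.args.get("flags", 0) & CREATE_SUSPENDED:
            suspended[c.args["child_pid"]] = False
        elif c.api == "WriteProcessMemory" and c.args.get("target_pid") in suspended:
            suspended[c.args["target_pid"]] = True
        elif c.api == "SetThreadContext" and suspended.get(c.args.get("target_pid")):
            return True
    return False


SIGNATURES = {
    "Checks computer location settings": check_location_settings,
    "Looks up external IP address via web service": check_external_ip_lookup,
    "Suspicious use of SetThreadContext": check_set_thread_context,
}


def run_signatures(trace):
    """Return the names of all signatures that match the trace, in table order."""
    return [name for name, fn in SIGNATURES.items() if fn(trace)]


# Constructed trace approximating a hollowing stealer; not a capture of the sample.
SAMPLE_TRACE = [
    Call("RegOpenKeyExW", {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo"}, 1000),
    Call("RegQueryValueExW", {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo",
                              "value": "Nation"}, 1000),
    Call("CreateProcessW", {"image": "PO__3048.exe", "flags": 0x4, "child_pid": 1200}, 1000),
    Call("WriteProcessMemory", {"target_pid": 1200, "size": 0x1000}, 1000),
    Call("SetThreadContext", {"target_pid": 1200}, 1000),
    Call("ResumeThread", {"target_pid": 1200}, 1000),
    Call("InternetOpenUrlW", {"host": "api.ipify.org", "path": "/"}, 1200),
]

# Constructed benign trace: a normal child process and an ordinary web request.
BENIGN_TRACE = [
    Call("CreateProcessW", {"image": "notepad.exe", "flags": 0, "child_pid": 1300}, 1000),
    Call("InternetOpenUrlW", {"host": "www.microsoft.com", "path": "/"}, 1000),
]

if __name__ == "__main__":
    for sig in run_signatures(SAMPLE_TRACE):
        print("HIT:", sig)
```

The SetThreadContext rule deliberately requires the full suspended-create, write, context-swap sequence: debuggers and some legitimate runtimes call `SetThreadContext` on their own, so matching the API alone would be a noisy signature.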