General
-
Target
95ddb0ade9a0eb44ed3b399983e71e9b2faabe80c1622fed848210d438de3254
-
Size
1.9MB
-
Sample
220521-phsh6afdb2
-
MD5
e98a465439ab8a2d6d386ce028138545
-
SHA1
1c5749e3f96911dc8dddf7ac840b7de30dc9cb8d
-
SHA256
95ddb0ade9a0eb44ed3b399983e71e9b2faabe80c1622fed848210d438de3254
-
SHA512
4fff912ae0db79d3bb8199f6fbdb6cdb5f265f1441f9d77ec5ead703fe376e91bf778780e1df039907086a9bed2ab08663d4aef7931952af7d7615bd3452e7a3
Static task
static1
Behavioral task
behavioral1
Sample
DHL_MAY_.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DHL_MAY_.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt
masslogger
Targets
-
Target
DHL_MAY_.EXE
-
Size
1.3MB
-
MD5
7f56bc3c202c7284b09d069b1fe4e0df
-
SHA1
5218641a49868df36c1ee409c22ce14e56b7dfb8
-
SHA256
15fca9cc94b9a0632fe98a3a15e0c75d1f3ff2ce42a47d7b9d76217ca4bfca05
-
SHA512
d0e7a060a67227891b54385432ae39f4572cb26e7c844b6d6222b7a454cbbeb9ab1013a157afaac605ea62b34b023e2d02b30eae9abea23b4b1ce2d7b46fedf2
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-