General
-
Target
945de800ae672cc44cca74776ec9b3658aaa8dd14d6fef5643f6641a618a92e4
-
Size
854KB
-
Sample
220521-phx4msaegr
-
MD5
571f3113c938be5a96aed8f2ff16427d
-
SHA1
a102589d8545b44d1cc1504b17c077d6dc52b65b
-
SHA256
945de800ae672cc44cca74776ec9b3658aaa8dd14d6fef5643f6641a618a92e4
-
SHA512
3c659c96e1a6299507590ce6fb19d0d685b332de62c71d51deb6e32af934ce120069eb0a2f81621583a18cbc0df0bfeb15fb52918effbbd50a38be0b7eb2bac9
Static task
static1
Behavioral task
behavioral1
Sample
Order Inquiry with Design Samples.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Order Inquiry with Design Samples.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\8506BBE7FF\Log.txt
masslogger
Targets
-
-
Target
Order Inquiry with Design Samples.exe
-
Size
897KB
-
MD5
2ebff22a63913f818834de7c54a0e354
-
SHA1
89a9d6a4d974fe7cde6ec896c5dc19283b0f63f4
-
SHA256
2302005fdd7c57d73c350d541fd0020b051efffdf02a4f3c3e1671cacea30043
-
SHA512
f722929d3691cda5d078f477c6ecac777b465d0923931fcc62389a4b6b6ed1df35b6be2800ce9cf9e2c65b004adf85d7822a12c0ad07d13e6c05139c5f2c4dda
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-