General
Target: 8847ac1680030bbf54afbda6f552c4bdef8b66a510c0de95d845364270edf46a
Size: 787KB
Sample: 220521-pjc5vsfdd5
MD5: 710688e1ed08764506c51bfc2550dd40
SHA1: 4715ae0de8b1b2209983180eb4b90600b7db531c
SHA256: 8847ac1680030bbf54afbda6f552c4bdef8b66a510c0de95d845364270edf46a
SHA512: 06a936ce87bb9a2ec2883b803a5fca5fd7a5be44d586be63a4ce18f1a82f9a0dfa3a6e0a8d0df83c064e0b412227efc8d89e96c41ab97a8a1d1d1a930f364a55
Static task: static1
Behavioral task: behavioral1
Sample: 4-5114-HT.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 4-5114-HT.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt (masslogger)
Extracted: C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt (masslogger)
Targets
Target: 4-5114-HT.exe
Size: 818KB
MD5: c8afbe0ba63c3dcde9c7c05b2e344951
SHA1: 398ab5dd98b0720d4dd858a6da836e022a9d7849
SHA256: 81ae80d0dc7e949cd78a6b555c1b08ebd8ec89ecf9847f3d1c0d9790b11be355
SHA512: 6e5ca7f4c06a09d5e784a5d153236c93a663b6046366d1e81b32eab75c1ed886116a8548a6e11f1e5c09b517f89f93312e9cb0ff1d6688c60d9b6b1c5d1fd9cc
- MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger Main Payload
- MassLogger log file: Detects a log file produced by MassLogger.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext