General
-
Target
7ba17d8b3d366f0a2d4c1dd3f95995831375c7433e0aa81c526849e54549182d
-
Size
681KB
-
Sample
220521-pjqe7aafcl
-
MD5
3e268823489a6f61e426ad04ba32db37
-
SHA1
bf466c8a38298408266d01d18dcb5f2da06f0c46
-
SHA256
7ba17d8b3d366f0a2d4c1dd3f95995831375c7433e0aa81c526849e54549182d
-
SHA512
7255957ef9b1ae669d2a0a7ca20e8e414fc2b045d25475784951556f35c9e4391c85f081222bbdf7648551e19710e24175c47791aff60c7f4ca45d331de52282
Static task
static1
Behavioral task
behavioral1
Sample
p0flf49bEs68ze7.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
p0flf49bEs68ze7.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt
masslogger
Extracted
Protocol: smtp - Host: mail.privateemail.com - Port: 587 - Username: bob@metalfabme.icu - Password: @Mexico1.,
Targets
-
Target
p0flf49bEs68ze7.exe
-
Size
736KB
-
MD5
f86c5e35abb842290ce1773b6a4e7d0f
-
SHA1
b14fc3de5165c84c5dac9e39e6c0695710fb3549
-
SHA256
76933bfe9afdf8d266352155f09995acadcab23345fabe2518d5bf15d45c9cd4
-
SHA512
aad5cfbe0de8979deb1800f90467fe7f8426889ff3ad836511c04985d3c1eb51138e94f0c209dcd9663739bb677c0f4e28257d582972df6c0fabb6b4efb6622c
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-