General
-
Target
644c9cf4829eb937cbecbeac43175b720a36c38d9cb3fbee3e22346f08fd8b33
-
Size
871KB
-
Sample
220521-pk26dafec6
-
MD5
3569faf4156c13edc66336020b402366
-
SHA1
5ee79913dbb5d4f655a060fb909f364a543ea63c
-
SHA256
644c9cf4829eb937cbecbeac43175b720a36c38d9cb3fbee3e22346f08fd8b33
-
SHA512
23fddb0659674afd2b4c318a07f475d2db3f68e3da03acdf39b3ce94b3103ac61e2e1b4a73c0e8eea795069f3b59b7b1391e5d941b05dd7eb80bbd0d2809ede5
Static task
static1
Behavioral task
behavioral1
Sample
Tech7 A S Profile.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Tech7 A S Profile.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
-
-
Target
Tech7 A S Profile.exe
-
Size
980KB
-
MD5
75de41ae05708e3574b8e734996eb88f
-
SHA1
5a545c6edf90ccedea8387d8f5040f97b9e68bbe
-
SHA256
083c70afde1be48426ebcf28eacfa0cd47f96130790b79f5a367ae6b00eab142
-
SHA512
f9c7bb8712cc3b9cffaa56b10091b28d05af3a59a344a29f6132c280626fadff738a14a9bcf325865ac480a60baa6d5e54575c58c8427c78ad3c841178d4235a
-
MassLogger
MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-