General
-
Target
44fee899ebeec1324a812d88a40d9f68824baec113e7520385d1f6a658e2ec84
-
Size
831KB
-
Sample
220521-pl8dsaagdj
-
MD5
10cac77805e52a908c1d92cd2a7f9f72
-
SHA1
72205560aaa7aa3787ca5e6a2b9614b735119147
-
SHA256
44fee899ebeec1324a812d88a40d9f68824baec113e7520385d1f6a658e2ec84
-
SHA512
fa93a0b9c1df8163ef7ad850e5593e7c5c95ab3c35989a4b579882da46b0afac161f4ec29c36b0e00eca3d0c88facfbcf61275b6e5fc430bb473e3cece6e0b09
Static task
static1
Behavioral task
behavioral1
Sample
TT COPY osdnsufsuifhsifudsujdfs,,,,.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
TT COPY osdnsufsuifhsifudsujdfs,,,,.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
logs2020@gtbenk-plc.com - Password:
mkoify147@@@
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
-
-
Target
TT COPY osdnsufsuifhsifudsujdfs,,,,.exe
-
Size
922KB
-
MD5
6d37e918a7aeec2a9ebde6092dc75d72
-
SHA1
ee76d5b79861aaacaae30ee7cea264324f26752e
-
SHA256
45970f8f1497ab648eb24a71690d876dc6e18ed42e95da854252ec79b7939ab6
-
SHA512
b6b1689854c52283d1debc2380b081f068684be8ab181487e29a22bb5da045aafebae3129c7cab7513a705368493f4b6d10a407548a19b5dd6b6e4100000689c
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-