General
-
Target
53c05a4b75e539caed8efe3f60af055da27c014c2f8ba6f9a05981fc2e073e59
-
Size
1.8MB
-
Sample
220521-pljenaagar
-
MD5
2b372a7077f8705f843f343dea500b85
-
SHA1
8ec3551d5bce779e1425f0b6f6bcb0195043eace
-
SHA256
53c05a4b75e539caed8efe3f60af055da27c014c2f8ba6f9a05981fc2e073e59
-
SHA512
e24c15ca26303bb98ec5e9206345b829f598a343bad27e44bf3247387907272d1091d129bb16af0b3d668c08215b057f326db49fafa788108942b0c0100dc489
Static task
static1
Behavioral task
behavioral1
Sample
PAGO_ADJ.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PAGO_ADJ.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
Protocol: ftp - Host: ftp.sisbg.net - Port: 21 - Username: [email protected] - Password: alibaba.com
Extracted
C:\Users\Admin\AppData\Local\Temp\781F780B4E\Log.txt
masslogger
Targets
-
Target
PAGO_ADJ.EXE
-
Size
1.2MB
-
MD5
b69ef4759dddf4f965bf84d654a555ff
-
SHA1
f894b62e29c20cdd562f02001c5ce30ca5609bb9
-
SHA256
7ecde113e9bcf315e61368cce51deda2e51321684d9d8e943a31ab1d457988f7
-
SHA512
529766ef4faa26b9c5e8a2bffd390c64d038724a7492caf5790550062c195ba5d6f2c2d97ad0e6fc5e2a03bf4fc3af6b41c0c4a3a7db9b0fa2e33884f38827cb
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext