General
Target: 4f1384b82b65febe08b4589e556b8637ab71453fcec2329294f8fe7354ee48a4
Size: 793KB
Sample: 220521-plpaxafef7
MD5: b374804fea63176ab0f67af516db9a4c
SHA1: 4295307dfc3746050bda4ee59e183ad79c9ea86a
SHA256: 4f1384b82b65febe08b4589e556b8637ab71453fcec2329294f8fe7354ee48a4
SHA512: 8322b075915c84e2e8d77c2218236c74163d85d3fc48da2f4b5fb18d1085f79975c9298d26d29e6ae720ef48dcb49d41f278de583a4c8a5c5288521abc7fa983
Static task: static1
Behavioral task: behavioral1
Sample: Outstanding PO - 14-Jun-2020.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Outstanding PO - 14-Jun-2020.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
Target: Outstanding PO - 14-Jun-2020.exe
Size: 823KB
MD5: 7d1562810fa826af4ddcf7048be36b11
SHA1: ea6c3ea9459c9fb8102ac5489a37f2e0c7fa999a
SHA256: 8caf81f11bf9898ce2e1e91ed450197ae089f1088c666a2d665ae589ceb12a7e
SHA512: 01152782402d1dfcfae3fae20c37527896d0cd3e5dc8026a7accf3f1ae16dd71e78152067c5eacf810447a74438ef042b265c319ce525557bd55a6c6b8be15c0
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main Payload

MassLogger log file
Detects a log file produced by MassLogger.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext