General
-
Target
3dece552bae40022a24574f60b1dca098221bc92f04808839928b86e48eedcbd
-
Size
1.8MB
-
Sample
220521-pmkn4sffb8
-
MD5
90be67cd4e708a8080bfebc282966207
-
SHA1
12a71a6483b1792bdf7091d4b960522b43988692
-
SHA256
3dece552bae40022a24574f60b1dca098221bc92f04808839928b86e48eedcbd
-
SHA512
788f1a4b77aa618d634eb9ef08baea270bd8555f7df86456fef64314c3998bfc955c15069355930b016bd8e08ac3b38c18d5fb55a9d8d3df1f8be4335d804716
Static task
static1
Behavioral task
behavioral1
Sample
PAGO_25_.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PAGO_25_.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\781F780B4E\Log.txt
masslogger
Targets
-
-
Target
PAGO_25_.EXE
-
Size
1.2MB
-
MD5
94f2908697b9f698d5634f675dc6a5c8
-
SHA1
9e6e83f145c01bedd3ef800b16e675d990f9d39e
-
SHA256
79789ad11d75901af6b26bcb620abc4db6c1391c00544bf6d293760f98c3df76
-
SHA512
042c67a7da5cdff3e159d918bb8fdde12d6b5d176e9b51460d4703ed68b33562c58d98cd140064fae4f336196a0e23efe78545f7bd621f77c305516b78b96ce5
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-