General
-
Target
21b67bec04dceed1e21878f291dbd84f7ebb39d7c64fa6d8a284546d8dd7fb33
-
Size
789KB
-
Sample
220521-pnmj4affg4
-
MD5
0f3b54ee94672982372111207160b184
-
SHA1
529197c2837df207b23186947a733a69e57187da
-
SHA256
21b67bec04dceed1e21878f291dbd84f7ebb39d7c64fa6d8a284546d8dd7fb33
-
SHA512
62f0616f18a452888eed07301b68392012fa789281955ce73e3bae1783e7850fea944e3f32953ed9a98213a3e9280b29968ef39b6f78e8e8325c9eaf38af64db
Static task
static1
Behavioral task
behavioral1
Sample
sampl request.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sampl request.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt
masslogger
Targets
-
Target
sampl request.exe
-
Size
879KB
-
MD5
b9f272bf7b71dd282dc1b7f60ce75dfe
-
SHA1
a9b1ccf8e78165bd891ef9d78fb9d39946e35901
-
SHA256
bec0a2fe9590afbf0a4c5fd15568c59dddd36978769900624c67785e9b0e4363
-
SHA512
5b1cdbaa9c8a01b6157d414fed83dc5e19eec225fa2cb911c5dfdcdd245e0bd81ab8d042eb70a96a483a88e053a92c8a2914faf6f5c0b9b2b45f3cc620263083
-
MassLogger
MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Modifies visibility of file extensions in Explorer
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.