General
-
Target
1a2ad007a5eea810965e4d2f188c7f483f16486757f58bbd1b26ad077d4329b2
-
Size
874KB
-
Sample
220521-pnw4jaffg9
-
MD5
0d6999f4c142774c1150b29a82afb0a5
-
SHA1
d56b07676ada903f17e53b053f455764508db3fd
-
SHA256
1a2ad007a5eea810965e4d2f188c7f483f16486757f58bbd1b26ad077d4329b2
-
SHA512
69a76f22915955fb4f2044d436e039dda8e1c9a145f071fcf65bb829aef014c6bc1c779c4d0eb239ab55df653a2714584c7cdc9860287016fe3aeff108a40f8b
Static task
static1
Behavioral task
behavioral1
Sample
0909000000000080.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0909000000000080.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt
masslogger
Targets
-
Target
0909000000000080.exe
-
Size
994KB
-
MD5
902795af5618d964c0f4c9f1dc286abf
-
SHA1
e60bb6c13241a24cf6d65dd57d1fa92c56cf6ee8
-
SHA256
69a3a2bc5ad99e27fad0546f6cf90ca633dc971979987314b0032e1eb67f1a3b
-
SHA512
68df80c5f0f379ecc92f220fa9a4b7a20b5463fe25c0a813f23118b32957850902d5e8afaf788545f10399b01d237711fbd8df7c5755b9193145f186f0d46e37
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-