General
-
Target
0b1e16ec3b9df30065ab12858d60db441afa2ad9f96e9a32e1f6c94eb675c71c
-
Size
676KB
-
Sample
220521-ppntjsahgn
-
MD5
26d15bf678633c5fd4c87c3a7f022474
-
SHA1
7f72d275b52e5775960ba5169b2fa956542cd53b
-
SHA256
0b1e16ec3b9df30065ab12858d60db441afa2ad9f96e9a32e1f6c94eb675c71c
-
SHA512
6ced1d9dc47c27ef00a91323d86220d3f1697b5569437991d544a9c1d2e61cee16e49ad711923a9b85fad75352e1b3e44fdf30d1aafe8d3cd3f8f52472d42cd0
Static task
static1
Behavioral task
behavioral1
Sample
RFQ #031-24062020.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ #031-24062020.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: binu@metalfabme.icu
Password: @Brazil20,,
Extracted
C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt
masslogger
Targets
-
Target
RFQ #031-24062020.exe
-
Size
729KB
-
MD5
4400d1b5d0c379b8e5dade14b3346569
-
SHA1
5d7a1f8777069ac6462cdcd7aaa885b10e23472f
-
SHA256
851f1641fb283113cc5feb03c807bc82dc4d85ecd22ab8ff091a8edd71bb45ed
-
SHA512
75a275fda65c52cc831fc4750aecfc23408c86db5e0532566701902c32ac3807a918a89286f3ff795173c0af7cc5cf8e5c63a3c61fbc5762ed0cfe3d89386dd6
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-