General
-
Target
436721c75699b2ced805e19545c98e72f8d9e3d2e93efdbba086911e98757036
-
Size
1.9MB
-
Sample
220521-pxlzxsbdcj
-
MD5
bdc993a2fe4a8a10aa6814062e4408ff
-
SHA1
c478c7c2604f066f71a4dd8a2938923f0cc7904f
-
SHA256
436721c75699b2ced805e19545c98e72f8d9e3d2e93efdbba086911e98757036
-
SHA512
4b1240a5e2bfaaa57b59fad71f9ea871faff02295103f4460edec1759a31446debefdcc41dfa7956c1a00f0c2a5a98b2582da4de57787686be42ad94a4d14c28
Static task
static1
Behavioral task
behavioral1
Sample
DHL_MAY_.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DHL_MAY_.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt
masslogger
Targets
-
-
Target
DHL_MAY_.EXE
-
Size
1.3MB
-
MD5
8f8abb6f33adbb7043c405bba2c19968
-
SHA1
fcdd38b2b364d32b4294c3a0611f011afc0fd3f0
-
SHA256
a3597ac0873ae3a71729eed1521710b6899ed9d886601b4b9e2ed207db1f087c
-
SHA512
a04ebec5e31d4c91bfae3d601d91579e1d7c5ff08a8499b0c93faa53eab355ed137629806b18c655ee549d08272b8f5d3a608d526095e9fb7b601ffbbf5e15f3
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-