General
-
Target
2a6edd2356faca41db31e6f58e423fcf9b82272af8cf8d15dfe542585fc4c710
-
Size
695KB
-
Sample
220521-pybkksbdfl
-
MD5
2ee2d4cec385fecc27709b25acbaff75
-
SHA1
9a42d5083b33c52762f38888e22fefe32436dc95
-
SHA256
2a6edd2356faca41db31e6f58e423fcf9b82272af8cf8d15dfe542585fc4c710
-
SHA512
41c777353505cf512d0daef81d97ad88164c866d06357657185b0307c7e5e0becdec1d83e0fdd5d610f07b8e543daf3fdb4f151a0e65992e58ee618330de95a7
Static task
static1
Behavioral task
behavioral1
Sample
SwiftBNF.scan.pdf..exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SwiftBNF.scan.pdf..exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
masslogger
Targets
-
-
Target
SwiftBNF.scan.pdf..exe
-
Size
732KB
-
MD5
c30512d832ae5f5bba0b1f7a391a6e54
-
SHA1
96c98d60726a64e7e934530def145d4e2f8e46f3
-
SHA256
59ab0c3f8318f555ee1316fa382e9947c79e4ea03f321ebd282ed08012b8139a
-
SHA512
c06f4bed92791bff10518c8db36aebb8f86c6ed9d3e2e141bc4fafbe92784494f4bbff6ab1edb63d4c2f682d36fb43f089ddb8a79490721781d15cbe7e9bf337
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-