General
-
Target
fc09cb1af83398118d634e95134c68dc3bfbafff85a3961035faa0ed863d036c
-
Size
684KB
-
Sample
220531-aafr3afee8
-
MD5
e2d20565a87057086dba20d4c07eb977
-
SHA1
4baed34836df013e3e9488e63591b3cbaa0305c7
-
SHA256
fc09cb1af83398118d634e95134c68dc3bfbafff85a3961035faa0ed863d036c
-
SHA512
94530b41c3f277fea1c6c7bc849c66ad77eda539b76cfdf2046bdc6297f2155a8a1bc1ee20c6d1db8a8171e9fbff503ecd34cb96a7f21c1ed7b23ff26f5116de
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
smtp.privateemail.com - Port:
587 - Username:
[email protected] - Password:
Protected@123
Targets
-
-
Target
DHL BILL OF LADING 62803217763.pif
-
Size
736KB
-
MD5
5577d22b593e5d028b779dd76891acf2
-
SHA1
c6ab92abb2f50e484aa672f71f5d04093a21cc2b
-
SHA256
64c4c850be4f8e9a0e12eeeb015c503dd5a2d0f22b8d872678227729bb6db757
-
SHA512
3376f5c418b824343624ef1a38337f63ad49d03f71330a8419a60befdc5c355a5e8e2e862967ef846b8270832f0c6b9504b6620ea985d102ad7ecee83de84834
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-