General
-
Target
SecuriteInfo.com.Trojan.GenericKD.50428043.31193.10018
-
Size
1005KB
-
Sample
220615-3vkkzaghb5
-
MD5
013106940b067393d0458736ed44b179
-
SHA1
6a461570410fbfbf9006ee0cc9be2d5f9c363b04
-
SHA256
0d98cc703438cff3cc32a2bd01032c9234cae7c6e4c375047d0260b5d0b5e783
-
SHA512
d14a9b0a5c965fe730a9ce45cf7b3ec801308dd3186ac5be1578c706312c6ad46e31a895244286a0f75dfaf39529a459c7ff0f83e3dc2c00257bae665ce68c51
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.GenericKD.50428043.31193.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.GenericKD.50428043.31193.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-