General
-
Target
10979f9fbee39c33046e940c5893569a1963d3c82de2627394e940ea070f0909
-
Size
1.1MB
-
Sample
220630-wntfzafbel
-
MD5
ef826a08ca7e802e0a5a5c61b58b2a80
-
SHA1
467f33a80dd20e33c0f89ebd69d265cbe109556d
-
SHA256
10979f9fbee39c33046e940c5893569a1963d3c82de2627394e940ea070f0909
-
SHA512
cd51bec962ba2aa24ea5747111b9bf292591009cef084facaf56278ab338964b3149a2e6f9d4c2e17ceba15c2095d6af0081c7175ea841a661ca3fe9ef1c3dac
Malware Config
Targets
-
-
Target
10979f9fbee39c33046e940c5893569a1963d3c82de2627394e940ea070f0909
-
Size
1.1MB
-
MD5
ef826a08ca7e802e0a5a5c61b58b2a80
-
SHA1
467f33a80dd20e33c0f89ebd69d265cbe109556d
-
SHA256
10979f9fbee39c33046e940c5893569a1963d3c82de2627394e940ea070f0909
-
SHA512
cd51bec962ba2aa24ea5747111b9bf292591009cef084facaf56278ab338964b3149a2e6f9d4c2e17ceba15c2095d6af0081c7175ea841a661ca3fe9ef1c3dac
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-