General
-
Target
Skype-8.87.0.406.exe
-
Size
84.9MB
-
Sample
220816-kap1vahdd7
-
MD5
6a52b4efb00ea46c34f924acc2b2e289
-
SHA1
feecc09bf944b9e663acdd2aa07e36f4f3b2a5ce
-
SHA256
5b0dc5071cf7fdc13f1b2e10ef06c1161be85aec193ea7dd5ac8c60738fd6d5f
-
SHA512
0081cbab52198a6ce08c52da51138ad653614e131542d533c68d57ab36c7d3d816bad61f622b8c3cbaf519e074c695837c1a02efbad928cb917a3af93e696046
Malware Config
Targets
-
-
Target
Skype-8.87.0.406.exe
-
Size
84.9MB
-
MD5
6a52b4efb00ea46c34f924acc2b2e289
-
SHA1
feecc09bf944b9e663acdd2aa07e36f4f3b2a5ce
-
SHA256
5b0dc5071cf7fdc13f1b2e10ef06c1161be85aec193ea7dd5ac8c60738fd6d5f
-
SHA512
0081cbab52198a6ce08c52da51138ad653614e131542d533c68d57ab36c7d3d816bad61f622b8c3cbaf519e074c695837c1a02efbad928cb917a3af93e696046
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
Vidar log file
Detects a log file produced by Vidar.
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-