General
-
Target
swift copy 016011 022.exe
-
Size
951KB
-
Sample
221116-slnadsfg6s
-
MD5
cdd6ff27424a2db74653821acc8a732c
-
SHA1
37e03591611d462aa39c0ec3f335c3bf7e56eb4c
-
SHA256
96e45500db445f50f255908635dc793bc896a0d919f989de9080ceb1a3bd74d9
-
SHA512
971990ceac9bfd69fdde3ff74713ad9d62e564bb08aaeab4e5568207fb7b652aa129b2b1a2495b99e3e0990349a2c881a4b1c2292100597055ba9aa98c40eeea
-
SSDEEP
12288:rq1bRSmFLfNvNFHgOVyGdYb7bLFfs1qAnrHuqUZXO0pNUuXe9hrDdlsKBehG/U/x:rQ5v3gRgaFwXrHBWXO0pTQJlHBa/5r
Static task
static1
Behavioral task
behavioral1
Sample
swift copy 016011 022.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
swift copy 016011 022.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
swift copy 016011 022.exe
-
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-