General
-
Target
P8ZSVUpasVMfplc.exe
-
Size
672KB
-
Sample
200630-5wqbkxktk2
-
MD5
fab6a3b81fdd55171bb924b49248847a
-
SHA1
9d8d59c704f972258eb00cbb96278b3e78faf936
-
SHA256
922cd763d629a47261c509be5ac635d24bcd0f16e729b3e38074fd33317de616
-
SHA512
07df6342c72b4669262eb2c25719cdeb340d0d59dd84393edc3f3b65d6e66f2fb89d6bab3b7e4209a257577df2c9fdfdfbf4c7407dedb209274e3474072ba0d8
Static task
static1
Behavioral task
behavioral1
Sample
P8ZSVUpasVMfplc.exe
Resource
win7
Behavioral task
behavioral2
Sample
P8ZSVUpasVMfplc.exe
Resource
win10v200430
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\E2C1E8F1FA\Log.txt
masslogger
Targets
Target
P8ZSVUpasVMfplc.exe
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-