General
-
Target
Q2020-07-466am.exe
-
Size
1.4MB
-
Sample
200731-19ce8vyx8a
-
MD5
93a02efc3319e40884d86f0603d6073d
-
SHA1
df7966c6dda6c785ad4bcf5b7a49f0a99a9bc51e
-
SHA256
de7e69ec920dccdc40220e414a2d1b3bc05e53c5f5ea34e309bd3365aa5dae78
-
SHA512
620172b1822721b279eb1b92d288a2ee82056b77c91c59134edc1aa727524bee2e5211cc41d69e67b1dc1caf9c555e5f475b3fca97d3dd3b94b224443e5fc2c7
Static task
static1
Behavioral task
behavioral1
Sample
Q2020-07-466am.exe
Resource
win7
Behavioral task
behavioral2
Sample
Q2020-07-466am.exe
Resource
win10v200722
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\E2C1E8F1FA\Log.txt
masslogger
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
ogsteve@airuhomes.com - Password:
y8wG[wgBvT]F
Targets
-
-
Target
Q2020-07-466am.exe
-
Size
1.4MB
-
MD5
93a02efc3319e40884d86f0603d6073d
-
SHA1
df7966c6dda6c785ad4bcf5b7a49f0a99a9bc51e
-
SHA256
de7e69ec920dccdc40220e414a2d1b3bc05e53c5f5ea34e309bd3365aa5dae78
-
SHA512
620172b1822721b279eb1b92d288a2ee82056b77c91c59134edc1aa727524bee2e5211cc41d69e67b1dc1caf9c555e5f475b3fca97d3dd3b94b224443e5fc2c7
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-