General
-
Target
gunzipped
-
Size
936KB
-
Sample
200731-85y1hygcxn
-
MD5
bbb0b33663055f506d0dc4fa382b6ef6
-
SHA1
c97788c492ebd0f959f069ab5b6d341fb2fbcaa1
-
SHA256
6077a9d47232d6bb6425891c5c71096e21e4f961fa4b882004c4574a23321ab9
-
SHA512
d4adf010dd558fb0f6a70b09c675c636dbe70be04e1495dfd7b113b0975141e0e891c1723837c1bae114a327cc056718934196b6ea9843839c23f16f78a144b6
Static task
static1
Behavioral task
behavioral1
Sample
gunzipped.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
gunzipped.exe
Resource
win10
Malware Config
Extracted
C:\Users\Admin\AppData\Local\42EF15E83D\Log.txt
masslogger
Targets
-
-
Target
gunzipped
Score 10/10
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-