General
-
Target
QUO29393.exe
-
Size
1.1MB
-
Sample
200731-8fppd1wrtn
-
MD5
60a03e78b2781f94f1033859b6b9f2fd
-
SHA1
033643dab0f443d8b50b4218d8bbe956e03af6ff
-
SHA256
24a6ec83c1a75f4bfefa0e5df247fbc354cea37c917da05a38e2687b7b26c464
-
SHA512
17c0ab71f9a260e76564d17d8a88ac0ade820c9cdabac9f8fe4f1e24332ab7b407a107ca8e2c563e667d99a51d488c8cb830b197c76c29d52ab25d426411aef4
Static task
static1
Behavioral task
behavioral1
Sample
QUO29393.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
QUO29393.exe
Resource
win10v200722
Malware Config
Extracted
C:\Users\Admin\AppData\Local\42EF15E83D\Log.txt
masslogger
Targets
-
-
Target
QUO29393.exe
-
Size
1.1MB
-
MD5
60a03e78b2781f94f1033859b6b9f2fd
-
SHA1
033643dab0f443d8b50b4218d8bbe956e03af6ff
-
SHA256
24a6ec83c1a75f4bfefa0e5df247fbc354cea37c917da05a38e2687b7b26c464
-
SHA512
17c0ab71f9a260e76564d17d8a88ac0ade820c9cdabac9f8fe4f1e24332ab7b407a107ca8e2c563e667d99a51d488c8cb830b197c76c29d52ab25d426411aef4
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-