General
Target: RFQ.exe
Size: 1.3MB
Sample: 200731-b87qjl5bmj
MD5: b7988e14a7dc282e2d131776364aef0b
SHA1: 6d8d7ba0e463c2ce49b54fe787ca1a9d2d0da1ac
SHA256: 19d4521c89aa9d79db5c279ab7d68e413b796e53b72e3ffca4312a6705ff3c76
SHA512: b629c2604f46cc01ff146f3b92c1c2782f3c9d1bfb9f6932fbfb292c5c9885f0f190d137cd0141e178b5ba03a1812fe3e05eb4f53d8648ab692b312ab9c98270
Static task: static1
Behavioral task: behavioral1 (Sample: RFQ.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: RFQ.exe, Resource: win10)
Malware Config
Extracted
Path: C:\Users\Admin\AppData\Local\E2C1E8F1FA\Log.txt
Family: masslogger
Extracted
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: wintom@wls-com.me
Password: MORELOVE123
The SMTP account is the stealer's exfiltration mailbox: collected data is sent out as mail through it. mail.privateemail.com is a shared commercial mail host, so the username (and the host/port pair together with it) is the indicator worth alerting on, not the host alone. Treat the credentials as attacker-controlled and do not authenticate to the account.
Targets
Target: RFQ.exe
Score: 10/10
- MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger log file: Detects a log file produced by MassLogger.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: Calling SetThreadContext on a thread of another process is a common step in process hollowing and other injection techniques; the report does not say which process was targeted.
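The indicators above (the file hashes, the SMTP exfiltration account, and the MassLogger log file path) can be turned into a small triage script. The following is an added example, not part of this report or of the sandbox's own tooling: it compares a file's digests with the report, flags the log file path pattern, and scans mail-authentication log lines for the exfiltration account. The network log lines are constructed and their "ts src -> host:port smtp AUTH user=" shape is an assumption; real proxy, firewall or EDR logs will need their own parser. Generalising the log path to any 10-hex-character folder under AppData\Local is also an assumption, since the report shows a single folder name.

```python
"""IOC checks built from the MassLogger sandbox report (added example)."""
import hashlib
import re

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "b7988e14a7dc282e2d131776364aef0b",
    "sha1": "6d8d7ba0e463c2ce49b54fe787ca1a9d2d0da1ac",
    "sha256": "19d4521c89aa9d79db5c279ab7d68e413b796e53b72e3ffca4312a6705ff3c76",
    "sha512": "b629c2604f46cc01ff146f3b92c1c2782f3c9d1bfb9f6932fbfb292c5c9885f0f"
              "190d137cd0141e178b5ba03a1812fe3e05eb4f53d8648ab692b312ab9c98270",
}
EXFIL_HOST = "mail.privateemail.com"
EXFIL_PORT = 587
EXFIL_USER = "wintom@wls-com.me"

# Report path: C:\Users\Admin\AppData\Local\E2C1E8F1FA\Log.txt
# Assumption: the 10-hex-character folder name varies per victim.
LOG_PATH_RE = re.compile(r"\\AppData\\Local\\[0-9A-F]{10}\\Log\.txt$", re.IGNORECASE)

# Constructed sample lines (not real logs); format is an assumption.
SAMPLE_NET_LOG = """\
2020-07-31T10:02:11Z 10.0.0.14 -> mail.privateemail.com:587 smtp AUTH user=wintom@wls-com.me
2020-07-31T10:02:40Z 10.0.0.14 -> smtp.office365.com:587 smtp AUTH user=alice@example.com
2020-07-31T10:03:05Z 10.0.0.22 -> mail.privateemail.com:587 smtp AUTH user=bob@example.org
"""
NET_LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<host>[^:\s]+):(?P<port>\d+) smtp AUTH user=(?P<user>\S+)$"
)


def hash_bytes(data):
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Same four digests for a file on disk, computed in a single streamed pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests):
    """True only if at least one digest is given and every given one matches the report."""
    common = set(digests) & set(REPORT_HASHES)
    return bool(common) and all(digests[k].lower() == REPORT_HASHES[k] for k in common)


def is_masslogger_log_path(path):
    """Flag a file path that looks like the MassLogger log file from the report."""
    return LOG_PATH_RE.search(path) is not None


def scan_smtp_log(text):
    """Return (line_no, verdict, user) for each SMTP AUTH to the exfil host:port.

    Only the report's username is a confident hit; other accounts on the same
    shared mail host are returned for review, not as detections.
    """
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = NET_LINE_RE.match(line)
        if not m or m["host"].lower() != EXFIL_HOST or int(m["port"]) != EXFIL_PORT:
            continue
        verdict = "masslogger-exfil" if m["user"].lower() == EXFIL_USER else "review-shared-host"
        hits.append((n, verdict, m["user"]))
    return hits


if __name__ == "__main__":
    import sys
    for hit in scan_smtp_log(SAMPLE_NET_LOG):
        print("smtp", *hit)
    print("log path hit:", is_masslogger_log_path(r"C:\Users\Admin\AppData\Local\E2C1E8F1FA\Log.txt"))
    for candidate in sys.argv[1:]:
        print(candidate, "matches report:", matches_report(hash_file(candidate)))
```

Run it with one or more file paths as arguments to check them against the report's hashes; the SMTP and path checks run on the embedded constructed data. Matching on all four digests at once is deliberate: a sample that agrees on MD5 but not SHA256 is a different file, not a weaker match.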