General
Target: Document#0193832.exe
Size: 1MB
Sample: 200731-cna2xdrnke
MD5: 97edaeff8f726e10d554f8f8f5aad7ae
SHA1: 01da166b48252cfb52ad7b42730ec994f07c7db2
SHA256: bcd7372fd84fe78e97a72a842df6cab2a5d7a47909a3fd05b13f6f4990de8a7f
SHA512: 99ca75b3989909eb66f2c7cd282db81c2c952fbf637287c6157df923335f5f9bd63b9d5b91b0ec7de06d68391903f716f5ab6ce67f2f3230a3e8c25b44aa5f16
Static task: static1
Behavioral task: behavioral1
Sample: Document#0193832.exe
Resource: win7v200722
Behavioral task: behavioral2
Sample: Document#0193832.exe
Resource: win10
Malware Config
Extracted
C:\Users\Admin\AppData\Local\42EF15E83D\Log.txt
masslogger
Extracted
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: celal@lidyatriko-com.me
Password: Tomorrow@1234#
Targets
Target
Document#0193832.exe
Score: 10/10
- MassLogger: Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- MassLogger log file: Detects a log file produced by MassLogger.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext