General
-
Target
Clasquin France SA - Demande client 001071 - SKBMT-07-31-2020-105-img00215.exe
-
Size
19KB
-
Sample
200731-jx3vkrtx8j
-
MD5
36117a183609bb6953d3f78bb45ee5b9
-
SHA1
0d89d56bac5838a3f0854e43b42e564d290f4935
-
SHA256
3a58855a902398680563edf448779739201772e044102fe1c733f54fa9c936c1
-
SHA512
79ff888d369979be614821bc2f74d99aec8b24887edaea4c2b43cffe60942b87311e082bf031bf3111b70578c4814aa43eb01e09d314c776a013fc3c5df8f5c2
Static task
static1
Behavioral task
behavioral1
Sample
Clasquin France SA - Demande client 001071 - SKBMT-07-31-2020-105-img00215.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
Clasquin France SA - Demande client 001071 - SKBMT-07-31-2020-105-img00215.exe
Resource
win10
Malware Config
Extracted
C:\Users\Admin\AppData\Local\42EF15E83D\Log.txt
masslogger
Targets
Target
Clasquin France SA - Demande client 001071 - SKBMT-07-31-2020-105-img00215.exe
-
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-