General
Target
b5db156d5dbb5723927a1a5d4267e98e.exe
Size
920KB
Sample
200731-mde4lejj8x
MD5
b5db156d5dbb5723927a1a5d4267e98e
SHA1
b62b0202e8f8502336b2d14ca4a962aac4957237
SHA256
cc86bfa00eb04de2849ee30eab7202d0e3fcd0af3e596c4c4f0bc0e569b4a8b8
SHA512
61d38cee019210c8b0fdbf3abd516c8b49f4b6f174e3da91783065cf4cc630c2ae75bcf28d47d4d25dfe2bc38d5f79e8a652615137e9fa7c9a35ea6dde7edb47
Static task
static1
Behavioral task
behavioral1
Sample
b5db156d5dbb5723927a1a5d4267e98e.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
b5db156d5dbb5723927a1a5d4267e98e.exe
Resource
win10
Malware Config
Extracted
C:\Users\Admin\AppData\Local\42EF15E83D\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\480F96756F\Log.txt
masslogger
Targets
Target
b5db156d5dbb5723927a1a5d4267e98e.exe
Score
10/10
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-