General
Target
SORUSTURMA 30.07.20.XLS.exe
Size
1.1MB
Sample
200731-wzb8tezxjj
MD5
2a3545f4dfeba61a015cca0f4598b010
SHA1
22cd26b8610a8eefad82a690491052bf8f2b128a
SHA256
1b0e17e568860f443d28cd430f26925fbb7bc31ee55e287dd16be90274ed33c9
SHA512
131fa817042caaec4c3079dfe7efbbaabb92e90db291226da9d741b8946582f223dc75fa9e32ce5502cc4f1f85ea580258bb616995d0137f7df9086d192d98ba
Static task
static1
Behavioral task
behavioral1
Sample
SORUSTURMA 30.07.20.XLS.exe
Resource
win7
Behavioral task
behavioral2
Sample
SORUSTURMA 30.07.20.XLS.exe
Resource
win10
Malware Config
Extracted
C:\Users\Admin\AppData\Local\E2C1E8F1FA\Log.txt
masslogger
Extracted
C:\Users\Admin\AppData\Local\480F96756F\Log.txt
masslogger
Targets
Target
SORUSTURMA 30.07.20.XLS.exe
Score 10/10

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger log file
Detects a log file produced by MassLogger.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext