General
-
Target
scan copy.exe
-
Size
859KB
-
Sample
200817-ff3mkzmzfs
-
MD5
54a3dd33e8b12aed84551a0fecaa4068
-
SHA1
637e1d8791e758bcce7a77c18c3c2019105e70e1
-
SHA256
fa1dd731e06f5a7470f45a3f09f0b39d2e236d022c9a9d6e52828e8214c5893e
-
SHA512
ed3a361816805a4894eee14de6d9a32d4bc55e1ca8daac9fbb358f6881acbf590bb23b3cfeb8ef16625440bd13e69bad34d8de51a5599f407b94249752268418
Static task
static1
Behavioral task
behavioral1
Sample
scan copy.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
scan copy.exe
Resource
win10v200722
Malware Config
Extracted
C:\Users\Admin\AppData\Local\42EF15E83D\Log.txt
masslogger
Extracted
Protocol: smtp
Host: mail.nartaccess.com
Port: 587
Username: info@nartaccess.com
Password: T4R3PxJ68GnJ
Targets
-
Target
scan copy.exe
-
Score 10/10
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-