masslogger | f7d1402eb35c67bfb9f0cdf77c4050fc40c936fc0034d8b86bdbd20deed76db0 | Triage

Submit
Reports

Overview

overview

Static

static

CAII000080521.exe

windows7_x64

CAII000080521.exe

windows10_x64

3

Sharing

General

Target

CAII000080521.exe
Size

1.2MB
Sample

200707-37p4bbyqc6
MD5

017ecc0d306245e81566079ecf525be6
SHA1

aa2f5b1650a9d26aca637a3d9b72e94e9acbd244
SHA256

f7d1402eb35c67bfb9f0cdf77c4050fc40c936fc0034d8b86bdbd20deed76db0
SHA512

0c12c196b414356fa04f1772b1562d7d3eaee5787b52fe2cf8697ffa4b317319db57dd1f13ce768cca9f6ef9bfb62c908d4fc7f448cfd8432f8d1c883a3ac7d2

Score

10^/10

masslogger persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

CAII000080521.exe

Resource

win7

persistence spyware stealer masslogger

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

CAII000080521.exe

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  CAII000080521.exe
- Size
  
  1.2MB
- MD5
  
  017ecc0d306245e81566079ecf525be6
- SHA1
  
  aa2f5b1650a9d26aca637a3d9b72e94e9acbd244
- SHA256
  
  f7d1402eb35c67bfb9f0cdf77c4050fc40c936fc0034d8b86bdbd20deed76db0
- SHA512
  
  0c12c196b414356fa04f1772b1562d7d3eaee5787b52fe2cf8697ffa4b317319db57dd1f13ce768cca9f6ef9bfb62c908d4fc7f448cfd8432f8d1c883a3ac7d2
Score

10^/10

persistence spyware stealer masslogger
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealermasslogger

behavioral2

© 2018-2024

Terms | Privacy