masslogger

General

Target

kmd.exe
Size

1.8MB
Sample

200709-9kr83j7cl2
MD5

9906e3d9a42e2053405b72c9f85b0bad
SHA1

06d5be5ef404c61a41d15bab8351aed6fb9ab310
SHA256

13dd79b77c2ed2ba77d509e2d3b4621e83f7105674353f7e30930e07b099bce5
SHA512

ad23480af230afb2fb447aee7386da6b106bc2b375c2270b3803526cd7e83eb5cea59469dab9bc21c099d809389ebd8dc0176bb6a357b45e473d9b6774e4a062

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\E2C1E8F1FA\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.2.2.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 OS: Microsoft Windows 7 Professional 64bit CPU: Persocon Processor 2.5+ GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 7/9/2020 5:58:57 PM MassLogger Started: 7/9/2020 5:58:50 PM Interval: 4 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\kmd.exe As Administrator: True

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\D2BC2E352A\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.2.2.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 OS: Microsoft Windows 10 Pro64bit CPU: Persocon Processor 2.5+ GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 7/9/2020 7:58:25 PM MassLogger Started: 7/9/2020 7:58:20 PM Interval: 4 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\kmd.exe As Administrator: True

Targets

- Target
  
  kmd.exe
- Size
  
  1.8MB
- MD5
  
  9906e3d9a42e2053405b72c9f85b0bad
- SHA1
  
  06d5be5ef404c61a41d15bab8351aed6fb9ab310
- SHA256
  
  13dd79b77c2ed2ba77d509e2d3b4621e83f7105674353f7e30930e07b099bce5
- SHA512
  
  ad23480af230afb2fb447aee7386da6b106bc2b375c2270b3803526cd7e83eb5cea59469dab9bc21c099d809389ebd8dc0176bb6a357b45e473d9b6774e4a062
Score

10^/10

ransomware spyware stealer masslogger
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MassLogger log file

UPX packed file

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2