masslogger | f486c5d5fe3c9341cd331a8e6a68102a9bd7a9e7864c5179948c585806828006 | Triage

Sharing

General

Target

952110_2020713.exe
Size

1.3MB
Sample

200713-2esfeq8xga
MD5

52e2dd01e70bce5aac4f44e19c2876e1
SHA1

bf7326838f7b86565769f1c122bdebbbf5b6a097
SHA256

f486c5d5fe3c9341cd331a8e6a68102a9bd7a9e7864c5179948c585806828006
SHA512

1ab82d5d08de1f877ec4c45d75597f4d584460bf37c6e8e271f6ebc74a452f14b39c84cc22b2bf8a3fadeaa53f87881dcacafeeedfcaf500d34e09a8f659ddbd

Score

10^/10

masslogger persistence spyware stealer

Malware Config

Targets

- Target
  
  952110_2020713.exe
- Size
  
  1.3MB
- MD5
  
  52e2dd01e70bce5aac4f44e19c2876e1
- SHA1
  
  bf7326838f7b86565769f1c122bdebbbf5b6a097
- SHA256
  
  f486c5d5fe3c9341cd331a8e6a68102a9bd7a9e7864c5179948c585806828006
- SHA512
  
  1ab82d5d08de1f877ec4c45d75597f4d584460bf37c6e8e271f6ebc74a452f14b39c84cc22b2bf8a3fadeaa53f87881dcacafeeedfcaf500d34e09a8f659ddbd
Score

10^/10

persistence spyware stealer masslogger
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealermasslogger

behavioral2