masslogger | 45ff28eabf8854e1ce1d3bb088fc7cfa224dbeb1e8b66a4038682fd592013d54 | Triage

Submit
Reports

Overview

overview

Static

static

0e82916860...d0.exe

windows7_x64

0e82916860...d0.exe

windows10_x64

Sharing

General

Target

0e82916860b22b2a67db5f6c6f2be1d0.exe
Size

930KB
Sample

200713-gpz9a98v32
MD5

0e82916860b22b2a67db5f6c6f2be1d0
SHA1

7e74b11f0b9d735fd023eb5c27f23c25471377ee
SHA256

45ff28eabf8854e1ce1d3bb088fc7cfa224dbeb1e8b66a4038682fd592013d54
SHA512

0e87afb22098056e00d3e00d9e830d1307370e8c54296927cc605803541c165c0791272bb0d76e80a23924860d15835de99aab79c1467bcd8f0701046257fc6b

Score

10^/10

masslogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

0e82916860b22b2a67db5f6c6f2be1d0.exe

Resource

win7

spyware stealer masslogger

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0e82916860b22b2a67db5f6c6f2be1d0.exe

Resource

win10v200430

spyware stealer masslogger

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0e82916860b22b2a67db5f6c6f2be1d0.exe
- Size
  
  930KB
- MD5
  
  0e82916860b22b2a67db5f6c6f2be1d0
- SHA1
  
  7e74b11f0b9d735fd023eb5c27f23c25471377ee
- SHA256
  
  45ff28eabf8854e1ce1d3bb088fc7cfa224dbeb1e8b66a4038682fd592013d54
- SHA512
  
  0e87afb22098056e00d3e00d9e830d1307370e8c54296927cc605803541c165c0791272bb0d76e80a23924860d15835de99aab79c1467bcd8f0701046257fc6b
Score

10^/10

spyware stealer masslogger
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarestealermasslogger

behavioral2

spywarestealermasslogger

© 2018-2024

Terms | Privacy