masslogger | 30dac0d69e366db4ce57a0935d5619e4bcebfcbaa9f14b7618970cc2aaa522f4 | Triage

Sharing

General

Target

Ziraat Bankasi Swift Messaji.exe
Size

1.3MB
Sample

200713-r3xn39kg7a
MD5

7ba9c730b33fd37be0eec329aabeb6a0
SHA1

eabc80e887de547dc8dd16d4d0a515df48f30791
SHA256

30dac0d69e366db4ce57a0935d5619e4bcebfcbaa9f14b7618970cc2aaa522f4
SHA512

a8ac548c69d3698c87a18291577e6ddc3912c6009878382c3b1bc83cd3ad2b96f39cd60f797a60ae75bb992c413dc35a6f2a4fb844640a621cf88d75a93381fc

Score

10^/10

masslogger persistence spyware stealer

Malware Config

Targets

- Target
  
  Ziraat Bankasi Swift Messaji.exe
- Size
  
  1.3MB
- MD5
  
  7ba9c730b33fd37be0eec329aabeb6a0
- SHA1
  
  eabc80e887de547dc8dd16d4d0a515df48f30791
- SHA256
  
  30dac0d69e366db4ce57a0935d5619e4bcebfcbaa9f14b7618970cc2aaa522f4
- SHA512
  
  a8ac548c69d3698c87a18291577e6ddc3912c6009878382c3b1bc83cd3ad2b96f39cd60f797a60ae75bb992c413dc35a6f2a4fb844640a621cf88d75a93381fc
Score

10^/10

stealer spyware masslogger persistence
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealerspywaremassloggerpersistence

behavioral2