masslogger

General

Target

DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
Size

1.9MB
Sample

200714-mwn39k76yx
MD5

29ef05a7b09d8ea9dff23a13a6845b21
SHA1

03c2136b3bf92209f8ee934693c67e208dd5b721
SHA256

e666762b026d8017d202c3bf8f6b32d9a13bff5549735a93611e79b3c1a9ff83
SHA512

a3739b7c7f085d827db7f0214566967cb734264bbf025820d96786cf8be8ec63aa6eab2eb3590be4177b6f0e41817fd47ea57e75dac5b59499c2fa4e7466b8a5

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\C8A579F880\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.2.2.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 OS: Microsoft Windows 7 Professional 64bit CPU: Persocon Processor 2.5+ GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 7/14/2020 3:23:10 PM MassLogger Started: 7/14/2020 3:23:02 PM Interval: 1 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe As Administrator: True

Targets

- Target
  
  DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
- Size
  
  1.9MB
- MD5
  
  29ef05a7b09d8ea9dff23a13a6845b21
- SHA1
  
  03c2136b3bf92209f8ee934693c67e208dd5b721
- SHA256
  
  e666762b026d8017d202c3bf8f6b32d9a13bff5549735a93611e79b3c1a9ff83
- SHA512
  
  a3739b7c7f085d827db7f0214566967cb734264bbf025820d96786cf8be8ec63aa6eab2eb3590be4177b6f0e41817fd47ea57e75dac5b59499c2fa4e7466b8a5
Score

10^/10

ransomware spyware stealer masslogger
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MassLogger log file

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2