masslogger

General

Target

cxaunOASPiVka6y.exe
Size

958KB
Sample

201109-sjednfyhf6
MD5

25f14213809e9a73bb703503fdd72df7
SHA1

79eea20c462aba792a1f0eca0d23c76f954a3c8b
SHA256

70502bb6c9fd88cdce1092f83ef2f6408a039c7b9de5652cd22087159dd8ba28
SHA512

b087edb0563ad6110be8fac0cb20113e28b7c3b0e60bb017b6ab28cfeae47f9a36fd8644ba3c56bb49d88ccdcc24594e623795a897ec64f430671d472e4f8dd6

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\5FADD7138A\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Professional 64bit CPU: Persocon Processor 2.5+ GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 11/10/2020 8:20:06 PM MassLogger Started: 11/10/2020 8:20:00 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\cxaunOASPiVka6y.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
accounting@americantrevalerinc.com
Password:
1q2w3e4r5t

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\109933CE9F\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Persocon Processor 2.5+ GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 11/10/2020 8:20:07 PM MassLogger Started: 11/10/2020 8:20:03 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\cxaunOASPiVka6y.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  cxaunOASPiVka6y.exe
- Size
  
  958KB
- MD5
  
  25f14213809e9a73bb703503fdd72df7
- SHA1
  
  79eea20c462aba792a1f0eca0d23c76f954a3c8b
- SHA256
  
  70502bb6c9fd88cdce1092f83ef2f6408a039c7b9de5652cd22087159dd8ba28
- SHA512
  
  b087edb0563ad6110be8fac0cb20113e28b7c3b0e60bb017b6ab28cfeae47f9a36fd8644ba3c56bb49d88ccdcc24594e623795a897ec64f430671d472e4f8dd6
Score

10^/10

masslogger coreentity ransomware rezer0 spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2