masslogger | 373ff5729bbb58bba6a9426b0a35c58a921be8b76a3ccf1dd9f99f410af8dddd | Triage

Submit
Reports

Overview

overview

Static

static

vessel details.exe

windows7_x64

vessel details.exe

windows10_x64

Sharing

General

Target

vessel details.exe
Size

1.0MB
Sample

201201-8p3psar8jj
MD5

0cc939dccba0be64d2c6dc13e7b55729
SHA1

02d50dfe38ff1bc27d76ba3866d326f0a8777208
SHA256

373ff5729bbb58bba6a9426b0a35c58a921be8b76a3ccf1dd9f99f410af8dddd
SHA512

fff564d60bb71423007d24e3feda6288edf27fc65a1d2f02ffda4b8f9d4f435bd18985c220cd132d7505b234770a1f8eda9e77059884df65b24a955905506ae8

Score

10^/10

masslogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

vessel details.exe

Resource

win7v20201028

masslogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

vessel details.exe

Resource

win10v20201028

masslogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
maaig.com
Port:
21
Username:
info@maaig.com
Password:
E#T~&wyRgLDa

Extracted

Credentials

Protocol: smtp
Host:
mail.vitracer.com
Port:
587
Username:
sales@vitracer.com
Password:
vm85932754

Targets

- Target
  
  vessel details.exe
- Size
  
  1.0MB
- MD5
  
  0cc939dccba0be64d2c6dc13e7b55729
- SHA1
  
  02d50dfe38ff1bc27d76ba3866d326f0a8777208
- SHA256
  
  373ff5729bbb58bba6a9426b0a35c58a921be8b76a3ccf1dd9f99f410af8dddd
- SHA512
  
  fff564d60bb71423007d24e3feda6288edf27fc65a1d2f02ffda4b8f9d4f435bd18985c220cd132d7505b234770a1f8eda9e77059884df65b24a955905506ae8
Score

10^/10

masslogger spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggerspywarestealer

behavioral2

massloggerspywarestealer

© 2018-2024

Terms | Privacy