masslogger | 2c0c11555412e75e830be16688aba26096a7110a3befefb865ddf5410a89a297 | Triage

Submit
Reports

Overview

overview

Static

static

Vessel Details.exe

windows7_x64

1

Vessel Details.exe

windows10_x64

Sharing

General

Target

Vessel Details.exe
Size

1.0MB
Sample

201202-qe9e5nned2
MD5

c937e1944545e46b2f249badce1502e5
SHA1

869346420d996877d43d8b316e5d20daf90e2c75
SHA256

2c0c11555412e75e830be16688aba26096a7110a3befefb865ddf5410a89a297
SHA512

4001dbfd7f5437133ef17dc044ffbcf68a2faf857d69aed2b17f9ef2bcb046a897e0b0139e1fc97711139711deea7f5e6d4022adc595a0a3814f6705c5605d89

Score

10^/10

masslogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Vessel Details.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Vessel Details.exe

Resource

win10v20201028

masslogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
maaig.com
Port:
21
Username:
info@maaig.com
Password:
E#T~&wyRgLDa

Extracted

Credentials

Protocol: smtp
Host:
mail.vitracer.com
Port:
587
Username:
sales@vitracer.com
Password:
vm85932754

Targets

- Target
  
  Vessel Details.exe
- Size
  
  1.0MB
- MD5
  
  c937e1944545e46b2f249badce1502e5
- SHA1
  
  869346420d996877d43d8b316e5d20daf90e2c75
- SHA256
  
  2c0c11555412e75e830be16688aba26096a7110a3befefb865ddf5410a89a297
- SHA512
  
  4001dbfd7f5437133ef17dc044ffbcf68a2faf857d69aed2b17f9ef2bcb046a897e0b0139e1fc97711139711deea7f5e6d4022adc595a0a3814f6705c5605d89
Score

10^/10

masslogger spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

massloggerspywarestealer

© 2018-2024

Terms | Privacy