masslogger | 52fa2e8c2e126d16feab59c47cdb6764e30a532000db97388ded751b0471e688 | Triage

Submit
Reports

Overview

overview

Static

static

Down Payment.doc

windows7_x64

Down Payment.doc

windows10_x64

1

Sharing

General

Target

Down Payment.doc
Size

1.6MB
Sample

201217-6n2n96dzv2
MD5

0ff5919b6552c497ef64d831574a1c62
SHA1

d892fb651e8d336e48ad0a0f7d88c6dd35359699
SHA256

52fa2e8c2e126d16feab59c47cdb6764e30a532000db97388ded751b0471e688
SHA512

26467ef913d1a1f09bea9bf44ede0431562604230b2a785127b56e947dd7d3e5623a3b5f18cd9fd021b5ed4b5545e7bd2796cf33b9b6c59aefb0e6ca51464e6a

Score

10^/10

masslogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Down Payment.doc

Resource

win7v20201028

masslogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Down Payment.doc

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Down Payment.doc
- Size
  
  1.6MB
- MD5
  
  0ff5919b6552c497ef64d831574a1c62
- SHA1
  
  d892fb651e8d336e48ad0a0f7d88c6dd35359699
- SHA256
  
  52fa2e8c2e126d16feab59c47cdb6764e30a532000db97388ded751b0471e688
- SHA512
  
  26467ef913d1a1f09bea9bf44ede0431562604230b2a785127b56e947dd7d3e5623a3b5f18cd9fd021b5ed4b5545e7bd2796cf33b9b6c59aefb0e6ca51464e6a
Score

10^/10

masslogger spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggerspywarestealer

behavioral2

© 2018-2024

Terms | Privacy