masslogger | 14836e19f657b3a82b1f58dfb846ff1eb66f72ea7eb9b840c2de4b2ceeddcddd | Triage

Submit
Reports

Overview

overview

Static

static

OOCLU57731...ls.exe

windows7_x64

OOCLU57731...ls.exe

windows10_x64

Sharing

General

Target

OOCLU57731000013.xls.exe
Size

892KB
Sample

201224-b2rlkhrj92
MD5

7c3df39bc1a99d5b392330206083461b
SHA1

7f60f5dc06d5f4a91d606312747bbc770226bbb3
SHA256

14836e19f657b3a82b1f58dfb846ff1eb66f72ea7eb9b840c2de4b2ceeddcddd
SHA512

3cab1494e1a137045c0b7eb005c169fb56b26efc7754b80ff44090502c11a4f96d36b0bd403cc309e0b9fca4220bad4cdcaa8b6905483fbb9d4ec000964c9985

Score

10^/10

masslogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

OOCLU57731000013.xls.exe

Resource

win7v20201028

masslogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

OOCLU57731000013.xls.exe

Resource

win10v20201028

masslogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  OOCLU57731000013.xls.exe
- Size
  
  892KB
- MD5
  
  7c3df39bc1a99d5b392330206083461b
- SHA1
  
  7f60f5dc06d5f4a91d606312747bbc770226bbb3
- SHA256
  
  14836e19f657b3a82b1f58dfb846ff1eb66f72ea7eb9b840c2de4b2ceeddcddd
- SHA512
  
  3cab1494e1a137045c0b7eb005c169fb56b26efc7754b80ff44090502c11a4f96d36b0bd403cc309e0b9fca4220bad4cdcaa8b6905483fbb9d4ec000964c9985
Score

10^/10

masslogger spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggerspywarestealer

behavioral2

massloggerspywarestealer

© 2018-2024

Terms | Privacy