masslogger | 1c71da106df01c2d995653c5639de3b328757a7dabd5770851c161e8c26c1056 | Triage

Submit
Reports

Overview

overview

Static

static

e2ca9576_e...ed.exe

windows7_x64

e2ca9576_e...ed.exe

windows10_x64

Sharing

General

Target

e2ca9576_extracted
Size

1.3MB
Sample

210304-nfyfqyy76e
MD5

d91b5ccd5c19ab072de237b4df7485e0
SHA1

0063c7986415721066dc079e23d0a9e90f46cac2
SHA256

1c71da106df01c2d995653c5639de3b328757a7dabd5770851c161e8c26c1056
SHA512

328f15c5977e5a33dcfeb84ab0e8191ef1a953c53099f25e69108c407005731c1feea04a9c173bb67ed0bfd4cd526347e4a5b2c28dbd6c8446f07ea8fa90a237

Score

10^/10

masslogger spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

e2ca9576_extracted.exe

Resource

win7v20201028

masslogger spyware stealer upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e2ca9576_extracted.exe

Resource

win10v20201028

masslogger spyware stealer upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.gcco.dz
Port:
587
Username:
contact@gcco.dz
Password:
CKnt@CtGcc0

Targets

- Target
  
  e2ca9576_extracted
- Size
  
  1.3MB
- MD5
  
  d91b5ccd5c19ab072de237b4df7485e0
- SHA1
  
  0063c7986415721066dc079e23d0a9e90f46cac2
- SHA256
  
  1c71da106df01c2d995653c5639de3b328757a7dabd5770851c161e8c26c1056
- SHA512
  
  328f15c5977e5a33dcfeb84ab0e8191ef1a953c53099f25e69108c407005731c1feea04a9c173bb67ed0bfd4cd526347e4a5b2c28dbd6c8446f07ea8fa90a237
Score

10^/10

masslogger spyware stealer upx
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggerspywarestealerupx

behavioral2

massloggerspywarestealerupx

© 2018-2024

Terms | Privacy