General

  • Target

    b15e49bdc9f192408bda7baa959949a62285764a42ebf6fe6cd2ac8e5ed3ec66

  • Size

    1.5MB

  • Sample

    220324-2f9e4scacj

  • MD5

    7368e193487ba5df857bde3eed09c9e6

  • SHA1

    04c6f6284b3f076053ced3391d5c7734d1598fbf

  • SHA256

    b15e49bdc9f192408bda7baa959949a62285764a42ebf6fe6cd2ac8e5ed3ec66

  • SHA512

    492168c0ae4b952394f46f66d7de4fc9fc93cd63b2317fd6d9530ad29f451c5e3138d39ece7241fad67e4c175e60991c4401d8168c4731c5ca2c9be85c4ecc59

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\23C2295DA4\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 3/25/2022 3:09:27 AM MassLogger Started: 3/25/2022 3:09:20 AM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe As Administrator: True

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Dmacdavid

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\20611F0545\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 3/25/2022 4:11:55 AM MassLogger Started: 3/25/2022 4:11:41 AM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe As Administrator: True

Targets

    • Target

      EU Business Register.exe

    • Size

      1.9MB

    • MD5

      ada080e31c56a4d65a2e426890504121

    • SHA1

      6d0878ae4973f39cf0e61b6f5ddd662866435ae7

    • SHA256

      22d10edc3d0457dd81ee6cd9353e76b3208f8a549c290b80dea1efbbbe120c0b

    • SHA512

      4a31546103f75b54e1b33fd7dbc95ebd5573ee74b53dc45edf86de527fd6a89a560fde82dfa217956788b0bd9cd5415d80d349de016d86b9dad58d519a42c54f

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks