masslogger | 046dc6ff7008cce89efc715676508778988ec525e5fdfb68bfbf5b70149baf29 | Triage

Submit
Reports

Overview

overview

Static

static

order4635353.exe

windows7_x64

order4635353.exe

windows10-2004_x64

7

Sharing

General

Target

046dc6ff7008cce89efc715676508778988ec525e5fdfb68bfbf5b70149baf29
Size

708KB
Sample

220414-qsxrasagap
MD5

8dbcdb95dc36ba2111d1cf5b7d5b4f8b
SHA1

ad4a2b7007c65117f170c528e80f9f9d538ece01
SHA256

046dc6ff7008cce89efc715676508778988ec525e5fdfb68bfbf5b70149baf29
SHA512

746e34b36a102748186572e5c6850d0e0f371841d056f86c48e5fd90f2f30680937b303c56d9d8894b00bec605a67f7761d932cebbc48ba8e3a0d4ed2b1600b0

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

order4635353.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

order4635353.exe

Resource

win10v2004-en-20220113

collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  order4635353.exe
- Size
  
  1.5MB
- MD5
  
  0330b2d896e3143d4cb840ff6e31ba3f
- SHA1
  
  5e30891dd4dac3b818d4cc4833ebf9341b985091
- SHA256
  
  4e6a966ec67bbdbaad608b8782b3faa89314e0e1b1be68167d419f3fdde5a127
- SHA512
  
  5d2926f5cd6d2abd4366e6238f417ada868feb6cf1b9f40dd89dfd7f88d1dd3a16d33b84aa29136a6e31e7ef998c21090b15e47e892d8222e3b2e37df08ac7c8
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy