masslogger | 11d5f5de14daaa0b591fa1883aabdb5d214f1da19466095bf5dc2723544cb3c9 | Triage

Submit
Reports

Overview

overview

Static

static

11d5f5de14...c9.exe

windows7_x64

11d5f5de14...c9.exe

windows10-2004_x64

Sharing

General

Target

11d5f5de14daaa0b591fa1883aabdb5d214f1da19466095bf5dc2723544cb3c9
Size

1.1MB
Sample

220414-qv2g9sebd3
MD5

96bc6d1efa21ca398fa03e54b6091486
SHA1

9b854aa8f4e243111710784066a51835ba95df86
SHA256

11d5f5de14daaa0b591fa1883aabdb5d214f1da19466095bf5dc2723544cb3c9
SHA512

bdcaf2d8df21d58dd8218ca551f5fc63eeedda67ff3a86436cc41c9a88ea32bc88b99f2be5bb017c75898834c4d1ed449d252f71675aac456a4d55b222b2d937

Score

10^/10

masslogger metastealer collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

11d5f5de14daaa0b591fa1883aabdb5d214f1da19466095bf5dc2723544cb3c9.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

11d5f5de14daaa0b591fa1883aabdb5d214f1da19466095bf5dc2723544cb3c9.exe

Resource

win10v2004-en-20220113

masslogger metastealer collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  11d5f5de14daaa0b591fa1883aabdb5d214f1da19466095bf5dc2723544cb3c9
- Size
  
  1.1MB
- MD5
  
  96bc6d1efa21ca398fa03e54b6091486
- SHA1
  
  9b854aa8f4e243111710784066a51835ba95df86
- SHA256
  
  11d5f5de14daaa0b591fa1883aabdb5d214f1da19466095bf5dc2723544cb3c9
- SHA512
  
  bdcaf2d8df21d58dd8218ca551f5fc63eeedda67ff3a86436cc41c9a88ea32bc88b99f2be5bb017c75898834c4d1ed449d252f71675aac456a4d55b222b2d937
Score

10^/10

masslogger collection spyware stealer metastealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

massloggermetastealercollectionspywarestealer

© 2018-2025

Terms | Privacy