masslogger | 868bf5904a98abaa17511a14f7ee304f8cb73c95d616f056d7f51c3a3653aaf0 | Triage

Submit
Reports

Overview

overview

Static

static

868bf5904a...f0.exe

windows7_x64

6

868bf5904a...f0.exe

windows10-2004_x64

Sharing

General

Target

868bf5904a98abaa17511a14f7ee304f8cb73c95d616f056d7f51c3a3653aaf0
Size

2.8MB
Sample

220415-pkyg7acab9
MD5

19fb0fd22c8d8b7d2d54821b3a170361
SHA1

af9aded796b0f2d0499fdee537a4008f3451921e
SHA256

868bf5904a98abaa17511a14f7ee304f8cb73c95d616f056d7f51c3a3653aaf0
SHA512

e18f37b44ceb99f13f74bc74afe3e0c6bd324bb3143425466e4b208c6b0a8f5ed58465ca04a26d9cd9c40cd655d10c247f4310494bb245121bc72757e04fda5a

Score

10^/10

masslogger collection persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

868bf5904a98abaa17511a14f7ee304f8cb73c95d616f056d7f51c3a3653aaf0.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

868bf5904a98abaa17511a14f7ee304f8cb73c95d616f056d7f51c3a3653aaf0.exe

Resource

win10v2004-en-20220113

masslogger collection persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  868bf5904a98abaa17511a14f7ee304f8cb73c95d616f056d7f51c3a3653aaf0
- Size
  
  2.8MB
- MD5
  
  19fb0fd22c8d8b7d2d54821b3a170361
- SHA1
  
  af9aded796b0f2d0499fdee537a4008f3451921e
- SHA256
  
  868bf5904a98abaa17511a14f7ee304f8cb73c95d616f056d7f51c3a3653aaf0
- SHA512
  
  e18f37b44ceb99f13f74bc74afe3e0c6bd324bb3143425466e4b208c6b0a8f5ed58465ca04a26d9cd9c40cd655d10c247f4310494bb245121bc72757e04fda5a
Score

10^/10

persistence masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

massloggercollectionpersistencespywarestealer

© 2018-2025

Terms | Privacy