masslogger | 10c50cd37eae7a4ed97db3198606e20fb8eb2ba9449a0f5002b12d6e57e363a8 | Triage

Submit
Reports

Overview

overview

Static

static

10c50cd37e...a8.exe

windows7_x64

10c50cd37e...a8.exe

windows10-2004_x64

7

Sharing

General

Target

10c50cd37eae7a4ed97db3198606e20fb8eb2ba9449a0f5002b12d6e57e363a8
Size

1.7MB
Sample

220417-jrfm3abebn
MD5

979541014106738c5dc9c57dd0db48be
SHA1

c4c4ea7bba5c7e106fd60972adda964391d5b7f0
SHA256

10c50cd37eae7a4ed97db3198606e20fb8eb2ba9449a0f5002b12d6e57e363a8
SHA512

7ad65f3b26c0dc9e4922cc2011ad07424f02a43baf59b84134f313e5e701687e554561b131febbd0251fe15529df222c1c1cd83469e5d9e8b86c2feab5d4a8c7

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

10c50cd37eae7a4ed97db3198606e20fb8eb2ba9449a0f5002b12d6e57e363a8.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

10c50cd37eae7a4ed97db3198606e20fb8eb2ba9449a0f5002b12d6e57e363a8.exe

Resource

win10v2004-20220414-en

collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  10c50cd37eae7a4ed97db3198606e20fb8eb2ba9449a0f5002b12d6e57e363a8
- Size
  
  1.7MB
- MD5
  
  979541014106738c5dc9c57dd0db48be
- SHA1
  
  c4c4ea7bba5c7e106fd60972adda964391d5b7f0
- SHA256
  
  10c50cd37eae7a4ed97db3198606e20fb8eb2ba9449a0f5002b12d6e57e363a8
- SHA512
  
  7ad65f3b26c0dc9e4922cc2011ad07424f02a43baf59b84134f313e5e701687e554561b131febbd0251fe15529df222c1c1cd83469e5d9e8b86c2feab5d4a8c7
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy