masslogger | dd7d2a2eb7397a70faaa67c0a631de6665faf3df0d1f1cb56b9409fd136e06be | Triage

Submit
Reports

Overview

overview

Static

static

dd7d2a2eb7...be.exe

windows7_x64

dd7d2a2eb7...be.exe

windows10-2004_x64

7

Sharing

General

Target

dd7d2a2eb7397a70faaa67c0a631de6665faf3df0d1f1cb56b9409fd136e06be
Size

2.4MB
Sample

220418-m2b96scdaq
MD5

1c1b0cb5d44e9603d7584fcdfa037755
SHA1

8ed911f3e74fde0fdb080f102267be614a9984d7
SHA256

dd7d2a2eb7397a70faaa67c0a631de6665faf3df0d1f1cb56b9409fd136e06be
SHA512

3a1b44194967250329f1d46a68a5ca86a0cc0f57caaf6e914196144f441049c411b2ff0b112065aa756ce87f9f8d84a2310fdf33209df1981b76689fd8662db0

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

dd7d2a2eb7397a70faaa67c0a631de6665faf3df0d1f1cb56b9409fd136e06be.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dd7d2a2eb7397a70faaa67c0a631de6665faf3df0d1f1cb56b9409fd136e06be.exe

Resource

win10v2004-20220414-en

collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  dd7d2a2eb7397a70faaa67c0a631de6665faf3df0d1f1cb56b9409fd136e06be
- Size
  
  2.4MB
- MD5
  
  1c1b0cb5d44e9603d7584fcdfa037755
- SHA1
  
  8ed911f3e74fde0fdb080f102267be614a9984d7
- SHA256
  
  dd7d2a2eb7397a70faaa67c0a631de6665faf3df0d1f1cb56b9409fd136e06be
- SHA512
  
  3a1b44194967250329f1d46a68a5ca86a0cc0f57caaf6e914196144f441049c411b2ff0b112065aa756ce87f9f8d84a2310fdf33209df1981b76689fd8662db0
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy