masslogger | cf4fa8dc53027d035f01c2484d8734b8a98bb323b71c1d5f1fe3f94416cabe9e | Triage

Submit
Reports

Overview

overview

Static

static

cf4fa8dc53...9e.exe

windows7_x64

cf4fa8dc53...9e.exe

windows10-2004_x64

Sharing

General

Target

cf4fa8dc53027d035f01c2484d8734b8a98bb323b71c1d5f1fe3f94416cabe9e
Size

3.3MB
Sample

220420-cv5yssdfbk
MD5

83ceb8cd46608b79ffaf2798cdad8027
SHA1

e873ec72d9fcf7cb582e5ccbf6b6a5b640f42e84
SHA256

cf4fa8dc53027d035f01c2484d8734b8a98bb323b71c1d5f1fe3f94416cabe9e
SHA512

3e94cfced5299e5765c305ef6ffa3a5fb42d5c0979a6a39bb5dfd072974e11e482fcd31463544d37a450f2695a32cd1b5502756bc0f31dcb0e63544b227d23b2

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

cf4fa8dc53027d035f01c2484d8734b8a98bb323b71c1d5f1fe3f94416cabe9e.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cf4fa8dc53027d035f01c2484d8734b8a98bb323b71c1d5f1fe3f94416cabe9e.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  cf4fa8dc53027d035f01c2484d8734b8a98bb323b71c1d5f1fe3f94416cabe9e
- Size
  
  3.3MB
- MD5
  
  83ceb8cd46608b79ffaf2798cdad8027
- SHA1
  
  e873ec72d9fcf7cb582e5ccbf6b6a5b640f42e84
- SHA256
  
  cf4fa8dc53027d035f01c2484d8734b8a98bb323b71c1d5f1fe3f94416cabe9e
- SHA512
  
  3e94cfced5299e5765c305ef6ffa3a5fb42d5c0979a6a39bb5dfd072974e11e482fcd31463544d37a450f2695a32cd1b5502756bc0f31dcb0e63544b227d23b2
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy