masslogger | a579b16be0de7aae3a017e9dadcba7313d81e1832d3fc67251ed87fdaf17f7ad | Triage

Submit
Reports

Overview

overview

Static

static

Quote USD$...ms.exe

windows7_x64

1

Quote USD$...ms.exe

windows10-2004_x64

Sharing

General

Target

a579b16be0de7aae3a017e9dadcba7313d81e1832d3fc67251ed87fdaf17f7ad
Size

787KB
Sample

220420-en3k7sfabr
MD5

6628713e2e281ce318cbad0acf5265dd
SHA1

2f5c13633e2188371b3b5589f7c6f062dc5df44d
SHA256

a579b16be0de7aae3a017e9dadcba7313d81e1832d3fc67251ed87fdaf17f7ad
SHA512

284aaab93864bf696fdec0fcc72d20a98926ef0cf05a36da27a44a1b1b0e5c0d58ff7cea554e9f5dc57c86a73e3f235da46d21d803d2579f589c619711690819

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Quote USD$ Prices For Items.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quote USD$ Prices For Items.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Quote USD$ Prices For Items.exe
- Size
  
  926KB
- MD5
  
  50831e895c50a7c21c1be66fc6fd2d28
- SHA1
  
  39cf19b2c753254ed0bafa11c635ab07670db32c
- SHA256
  
  490ba5c3e2409bf961484b16cba91c2539609bb04b10c69d0a2e5c76889242bf
- SHA512
  
  898a492001724bf52cee0fdee167da15447395424333eb5f9fe28355929207dd9d375743c80d0d259bee8bf8a2abe24effb677e0f0b8210a8f742a9e318c62ea
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy