masslogger | 06f151728290c66867faafe97bc1737b1e46ef0164a14baeaee48a12151ad65e | Triage

Submit
Reports

Overview

overview

Static

static

06f1517282...5e.exe

windows7_x64

06f1517282...5e.exe

windows10-2004_x64

7

Sharing

General

Target

06f151728290c66867faafe97bc1737b1e46ef0164a14baeaee48a12151ad65e
Size

903KB
Sample

220420-esh3csagb2
MD5

83eceb00777a3c444c17b729ae7ec3c2
SHA1

0565af5bdd342f77690bbe6f8a59cb91a2d1af0f
SHA256

06f151728290c66867faafe97bc1737b1e46ef0164a14baeaee48a12151ad65e
SHA512

dfffa9aae14bd980b68720a57b75235c9c66134861d4177f9afd45679530e03994c5d0b130abf9aa3b97ee30ba96ad1cb495c100a8b094e164901ab294ad46aa

Score

10^/10

masslogger collection persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

06f151728290c66867faafe97bc1737b1e46ef0164a14baeaee48a12151ad65e.exe

Resource

win7-20220414-en

masslogger collection persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

06f151728290c66867faafe97bc1737b1e46ef0164a14baeaee48a12151ad65e.exe

Resource

win10v2004-20220414-en

collection persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  06f151728290c66867faafe97bc1737b1e46ef0164a14baeaee48a12151ad65e
- Size
  
  903KB
- MD5
  
  83eceb00777a3c444c17b729ae7ec3c2
- SHA1
  
  0565af5bdd342f77690bbe6f8a59cb91a2d1af0f
- SHA256
  
  06f151728290c66867faafe97bc1737b1e46ef0164a14baeaee48a12151ad65e
- SHA512
  
  dfffa9aae14bd980b68720a57b75235c9c66134861d4177f9afd45679530e03994c5d0b130abf9aa3b97ee30ba96ad1cb495c100a8b094e164901ab294ad46aa
Score

10^/10

masslogger collection persistence spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionpersistencespywarestealer

behavioral2

collectionpersistencespywarestealer

© 2018-2024

Terms | Privacy