masslogger | 2cdc5eecf06a3a73515f87d25eb2c7e0ad1a0543f4c4c6d0033f2dbc557f254f | Triage

Submit
Reports

Overview

overview

Static

static

Navrang-PO.exe

windows7_x64

Navrang-PO.exe

windows10-2004_x64

Sharing

General

Target

2cdc5eecf06a3a73515f87d25eb2c7e0ad1a0543f4c4c6d0033f2dbc557f254f
Size

861KB
Sample

220502-sm57laachl
MD5

abeccf7f006ef35836e86d272b5a5cb8
SHA1

88f79477b21ef3394410c43d501ed2e5ad378fdb
SHA256

2cdc5eecf06a3a73515f87d25eb2c7e0ad1a0543f4c4c6d0033f2dbc557f254f
SHA512

bc8c399a1ad81b00b5fae1741a835be1a035d6d2c5d690f25630e695d068aec032b58c940c7987bcef9dfed8b0211013d8fdc0d6693118b2f5b55f59b2294dba

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Navrang-PO.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Navrang-PO.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Navrang-PO.exe
- Size
  
  896KB
- MD5
  
  5c2ea8070997632d9a2155065611ab91
- SHA1
  
  5173c8e1e3ebe919f5e676dbfc3c0751b4a59fb4
- SHA256
  
  e1b5aa4851cd69669566e48206ea250711a3373df342b9417271b7700d24d187
- SHA512
  
  1990828253e373a2bf3ef71f278e22826e440f00ea1b2817640901e0acd2e1a8fd0b2e73462d5c8bf68bd47f5eb2ca3f2da798e85b58acced3c03db6ec6ea035
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy