masslogger | d9a2df6be446befa12555298a0e52c7b5e2cd13f5565873bd5caab1dbaf6cde4 | Triage

Submit
Reports

Overview

overview

Static

static

chibyke03.exe

windows7_x64

chibyke03.exe

windows10-2004_x64

Sharing

General

Target

d9a2df6be446befa12555298a0e52c7b5e2cd13f5565873bd5caab1dbaf6cde4
Size

698KB
Sample

220503-sb7ahscbgr
MD5

f6fa3500a9c5fc87eaf959d35b2d53d2
SHA1

63ed1f8e7fb57ae1f288618c4c4fd49a8c0263c9
SHA256

d9a2df6be446befa12555298a0e52c7b5e2cd13f5565873bd5caab1dbaf6cde4
SHA512

91baa922563d6e2e8e4f930da5a8f1e17ca26e8d7aa350ea7af6dbf397b3dc92e43f902c160b8acd3381cc88f0af98bca3fd23c8de8a646ef39504178942d51c

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

chibyke03.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

chibyke03.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  chibyke03.exe
- Size
  
  1.0MB
- MD5
  
  d9d969b4d51b61c1f2e62305fcb8ba1b
- SHA1
  
  f98d039477e9c5f531a7f809dc7686e69ed5aff1
- SHA256
  
  8e351736ae4bff938f1b59b396f039a6a281c4b8401f918f6b7b52b5c574d330
- SHA512
  
  95f7b868951e3bc9867478df083b2fb43807ef053dcee05c6bd3e3d78d466b885309a7c2a5b65bfc8b41bef35ec89fa01edeead4f7cf63b82103677812cfa912
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy