masslogger

General

Target

36489e691b7ecb8dac7db354a4541417f045bb164db520387a4794ce7dfcce31
Size

790KB
Sample

220503-y1kqpsedam
MD5

c31ef7aefa08862def40cd90a0197e83
SHA1

954a3553f9a2e59edc2d818fe6676cfb9053fbf4
SHA256

36489e691b7ecb8dac7db354a4541417f045bb164db520387a4794ce7dfcce31
SHA512

657dd644c3cb15bbe0ca3dcefa8265e4dadf28b4ccda4421ed4c946535882732f79c6f18727af6911320ee110c6e56615e90fa355cfd2e1b94de7773031400d0

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v2.0.0.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/3/2022 10:15:40 PM MassLogger Started: 5/3/2022 10:15:33 PM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  36489e691b7ecb8dac7db354a4541417f045bb164db520387a4794ce7dfcce31
- Size
  
  790KB
- MD5
  
  c31ef7aefa08862def40cd90a0197e83
- SHA1
  
  954a3553f9a2e59edc2d818fe6676cfb9053fbf4
- SHA256
  
  36489e691b7ecb8dac7db354a4541417f045bb164db520387a4794ce7dfcce31
- SHA512
  
  657dd644c3cb15bbe0ca3dcefa8265e4dadf28b4ccda4421ed4c946535882732f79c6f18727af6911320ee110c6e56615e90fa355cfd2e1b94de7773031400d0
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2