masslogger | b3daeb7d62a01ac9787f2c702b1e7fbdbdd8d9a386f3c192bf91a277adc020bc | Triage

Submit
Reports

Overview

overview

Static

static

Contract N...19.exe

windows7_x64

Contract N...19.exe

windows10-2004_x64

Sharing

General

Target

b3daeb7d62a01ac9787f2c702b1e7fbdbdd8d9a386f3c192bf91a277adc020bc
Size

846KB
Sample

220503-y6aspabha6
MD5

605799b639c55aeefa38846a753fa203
SHA1

26d1f25f6eb932502cf1b41a567c8b200476ec37
SHA256

b3daeb7d62a01ac9787f2c702b1e7fbdbdd8d9a386f3c192bf91a277adc020bc
SHA512

34214a8385f2578ff0bb69039d3815e6d95ceb3befc1b974c3cc9ce6c1856671f1de776c6f0c6963f4f3fa6da451c0401c302c4df6977c7b4f9a1a71f71d4cbc

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Contract No 12532019.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Contract No 12532019.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Contract No 12532019.exe
- Size
  
  918KB
- MD5
  
  bc3612c3da850921b8d6aa49aad594e6
- SHA1
  
  233eabf33f2a3e2cf53c68540e5c3f5ddb91b389
- SHA256
  
  573b66612f43bd09c655707f60f7a54be3afad50a7de1bd831e26edf3359b069
- SHA512
  
  7d17672751422cc5df5d3a5827b6fde153c288b84314e6155973063d3ae23955c23d1de18927f596470c9a3621a8e8b6652663f01dd6360518b424d8b60b3e82
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy