masslogger | 15185d2fc8f7baf088775337282f05afacd8976142a0a9b7205452521697c977 | Triage

Submit
Reports

Overview

overview

Static

static

PURCHASE -ORDER.exe

windows7_x64

PURCHASE -ORDER.exe

windows10-2004_x64

7

Sharing

General

Target

15185d2fc8f7baf088775337282f05afacd8976142a0a9b7205452521697c977
Size

813KB
Sample

220503-zml72sfabn
MD5

6963f0ed76bf70c527be02d0ac6b6cae
SHA1

7ec56d5930858e9896a92b8aaeb76fb0bdd78ca2
SHA256

15185d2fc8f7baf088775337282f05afacd8976142a0a9b7205452521697c977
SHA512

33648f476359c75e2ba367dcf5d56f2da8a9b6190b4af1c7a57fe24f1f01255fdd72166412edef489bcc894978fcd3dadfc941237913db4a13a81b06514babc1

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

PURCHASE -ORDER.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PURCHASE -ORDER.exe

Resource

win10v2004-20220414-en

collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  PURCHASE -ORDER.exe
- Size
  
  1.4MB
- MD5
  
  951ee81181e3409f6a76859b6b9e7ba1
- SHA1
  
  84af12a9a02fb549a54243bef77baee696e83571
- SHA256
  
  d18f27370f8ee9d89c588980241ef2757a4a5d6cc70a357c7a45fae186c7e84b
- SHA512
  
  bf0bc795bb3127e1d97284093324c45b228424b61df996382deca63be469bd5848bf348e70acb1ede40251668a98bef50067d74ea99cca70ae06d7f1946231a9
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy