masslogger | b770e8a6e3fa734aef0f401a988cfbe6925ac4da81c76f7dc4b0e8d1d105227a | Triage

Submit
Reports

Overview

overview

Static

static

b770e8a6e3...7a.exe

windows7_x64

b770e8a6e3...7a.exe

windows10-2004_x64

Sharing

General

Target

b770e8a6e3fa734aef0f401a988cfbe6925ac4da81c76f7dc4b0e8d1d105227a
Size

659KB
Sample

220508-jeqx9sbca2
MD5

cfb1b53060223753fed8d9cac55b9aa9
SHA1

8c74700d2eceb7d60cb1ba5f2c14e4ed75f9f61e
SHA256

b770e8a6e3fa734aef0f401a988cfbe6925ac4da81c76f7dc4b0e8d1d105227a
SHA512

24f3758e16616b00d19d68291971bb75967b0560b9922b5f0d584afb538d4acd435cdd7c56f9271eee3d11bec5b0410b1a2b51f9a7becae7207e2c46cc83dc40

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

b770e8a6e3fa734aef0f401a988cfbe6925ac4da81c76f7dc4b0e8d1d105227a.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b770e8a6e3fa734aef0f401a988cfbe6925ac4da81c76f7dc4b0e8d1d105227a.exe

Resource

win10v2004-20220414-en

masslogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b770e8a6e3fa734aef0f401a988cfbe6925ac4da81c76f7dc4b0e8d1d105227a
- Size
  
  659KB
- MD5
  
  cfb1b53060223753fed8d9cac55b9aa9
- SHA1
  
  8c74700d2eceb7d60cb1ba5f2c14e4ed75f9f61e
- SHA256
  
  b770e8a6e3fa734aef0f401a988cfbe6925ac4da81c76f7dc4b0e8d1d105227a
- SHA512
  
  24f3758e16616b00d19d68291971bb75967b0560b9922b5f0d584afb538d4acd435cdd7c56f9271eee3d11bec5b0410b1a2b51f9a7becae7207e2c46cc83dc40
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

massloggerspywarestealer

© 2018-2024

Terms | Privacy