masslogger | 465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8 | Triage

Submit
Reports

Overview

overview

Static

static

465d689c0d...c8.exe

windows7_x64

1

465d689c0d...c8.exe

windows10-2004_x64

Sharing

General

Target

465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8
Size

1.3MB
Sample

220516-xgbs1scab7
MD5

a2a448cbb79929843341c4431d2ef420
SHA1

6f3d0c052c8d9844e59a9ee0a1efa35a41b77f64
SHA256

465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8
SHA512

34778a4df8323a8627d4d658c5778005c09dc6b4ba1d39aea57f292a1eee2c14870e64d4fe13b449f33db63db27e0acb7be2289857f5a02eaec95998b37858dd

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8
- Size
  
  1.3MB
- MD5
  
  a2a448cbb79929843341c4431d2ef420
- SHA1
  
  6f3d0c052c8d9844e59a9ee0a1efa35a41b77f64
- SHA256
  
  465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8
- SHA512
  
  34778a4df8323a8627d4d658c5778005c09dc6b4ba1d39aea57f292a1eee2c14870e64d4fe13b449f33db63db27e0acb7be2289857f5a02eaec95998b37858dd
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy