masslogger

General

Target

5d661c0eb0c3412ba9f61af5317cf65f1b4ffd7f559ce8427b01c0e7872e42ff
Size

896KB
Sample

220520-3cnvnsbfak
MD5

a073eb174b20fdfd8ef7b3a01b63e738
SHA1

b75b1fce6f0a25896f2c1f14fdf69a00d298c288
SHA256

5d661c0eb0c3412ba9f61af5317cf65f1b4ffd7f559ce8427b01c0e7872e42ff
SHA512

44a1c3844e14960d6860574d19fde624c699d248b9db6c568a3eab8aea0296ce104275c097b9770179313e6288a53cc7457ca1a3b9869112967b8656f9e47cd0

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.51 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 11:25:35 PM MassLogger Started: 5/20/2022 11:25:24 PM Interval: 3 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\DHL ARRIVAL SHIPMENT PRE-ALERT.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Window Searcher ||> Disabled <|| Downloader ||> Disabled <|| Bot Killer ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> NA

Extracted

Path

C:\Users\Admin\AppData\Local\0F48153F20\Log.txt

Family

masslogger

Ransom Note

<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.51 Location: United States Windows OS: Microsoft Windows 10 Pro 64bit Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 11:25:29 PM MassLogger Started: 5/20/2022 11:25:25 PM Interval: 3 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\DHL ARRIVAL SHIPMENT PRE-ALERT.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> NA

Targets

- Target
  
  DHL ARRIVAL SHIPMENT PRE-ALERT.exe
- Size
  
  1.0MB
- MD5
  
  d66436765b3cb3dc1a97beab0c6c7ae2
- SHA1
  
  bb5f32c172af5efd89c25960bed8edc76467a9b9
- SHA256
  
  dc05645067f3f3ccf6a4e647dcf935c928fd981ef904672603a7ab409488166e
- SHA512
  
  5591c88812f92ce11bbc87c01dceba3de905c5b7473582f2eb58f91929da4baf1bf44b5beb025d97027b85152969a64ef9c680881e4f30f7ac3a58a4e707e8a3
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2