masslogger | d2232949a80b21e9c967490be35b87ba8e5495cb61b10493b5adb1297e37dd4b | Triage

Submit
Reports

Overview

overview

Static

static

Neptune_028887E.exe

windows7_x64

Neptune_028887E.exe

windows10-2004_x64

Sharing

General

Target

d2232949a80b21e9c967490be35b87ba8e5495cb61b10493b5adb1297e37dd4b
Size

1.5MB
Sample

220520-3rxfcshde6
MD5

bfc8444d4b0deb93a43c249db026f48a
SHA1

a63e0a6618a8b903e9900db119136d56f77f1fa0
SHA256

d2232949a80b21e9c967490be35b87ba8e5495cb61b10493b5adb1297e37dd4b
SHA512

443a44ee7bef89e6dd2ced1b464f89aff6b6f6c22c7bb3c768f8803452befeb08758eb730b22fb960c7c547f9ef2109efcc933569778cd64683c243c6421d67a

Score

10^/10

masslogger agilenet spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Neptune_028887E.exe

Resource

win7-20220414-en

masslogger agilenet spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Neptune_028887E.exe

Resource

win10v2004-20220414-en

masslogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Neptune_028887E.exe
- Size
  
  1.4MB
- MD5
  
  8dff4b620965db5895629bc5e4733154
- SHA1
  
  7aab2496a2cba81df62eb42b6b069dcba4e80424
- SHA256
  
  8ba2916d91cfaa19c67d2e8a9603fca8a41fac3f960b79edcadab0bb094c3e52
- SHA512
  
  fc901d3cb5908ee2a094577d669d0acba760e2ea30fd514845ce674dd0e150c9813c4ef933b76521e93d7357aa5e432f5ee1493468497caa013a4b795087a846
Score

10^/10

masslogger agilenet spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggeragilenetspywarestealer

behavioral2

massloggerspywarestealer

© 2018-2024

Terms | Privacy