masslogger | d2232949a80b21e9c967490be35b87ba8e5495cb61b10493b5adb1297e37dd4b | Triage

Submit
Reports

Overview

overview

Static

static

Neptune_028887E.exe

windows7_x64

Neptune_028887E.exe

windows10-2004_x64

Sharing

General

Target

d2232949a80b21e9c967490be35b87ba8e5495cb61b10493b5adb1297e37dd4b
Size

1.5MB
Sample

220520-3rxfcshde6
MD5

bfc8444d4b0deb93a43c249db026f48a
SHA1

a63e0a6618a8b903e9900db119136d56f77f1fa0
SHA256

d2232949a80b21e9c967490be35b87ba8e5495cb61b10493b5adb1297e37dd4b
SHA512

443a44ee7bef89e6dd2ced1b464f89aff6b6f6c22c7bb3c768f8803452befeb08758eb730b22fb960c7c547f9ef2109efcc933569778cd64683c243c6421d67a

Score

10^/10

masslogger agilenet spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Neptune_028887E.exe

Resource

win7-20220414-en

masslogger agilenet spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Neptune_028887E.exe

Resource

win10v2004-20220414-en

masslogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Neptune_028887E.exe
- Size
  
  1.4MB
- MD5
  
  8dff4b620965db5895629bc5e4733154
- SHA1
  
  7aab2496a2cba81df62eb42b6b069dcba4e80424
- SHA256
  
  8ba2916d91cfaa19c67d2e8a9603fca8a41fac3f960b79edcadab0bb094c3e52
- SHA512
  
  fc901d3cb5908ee2a094577d669d0acba760e2ea30fd514845ce674dd0e150c9813c4ef933b76521e93d7357aa5e432f5ee1493468497caa013a4b795087a846
Score

10^/10

masslogger agilenet spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggeragilenetspywarestealer

behavioral2

massloggerspywarestealer

© 2018-2024

Terms | Privacy