masslogger

General

Target

94346921a393491186c134bd6a55b98c98b95d69e6d0066bbb4385899ff7599c
Size

826KB
Sample

220520-p9bpqacge4
MD5

52d01391c8b20c5511d6148cb78dce9a
SHA1

155816a85d5fbfbf6a4bd9ef8e87bbc6ecae37de
SHA256

94346921a393491186c134bd6a55b98c98b95d69e6d0066bbb4385899ff7599c
SHA512

6f96efb941e0bd2db6e1f6e438a2179c475b63091c0e471c2702aa33f58db14eab36832d7e29f85cfe7f59fe840057df8b6992e21e2a92e1ea62676a16d0485b

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.7.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 3:07:14 PM MassLogger Started: 5/20/2022 3:06:50 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\k1f0Acf29eG3FzJ.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\19E979543A\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.7.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States Windows OS: Microsoft Windows 10 Pro64bit Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 3:05:46 PM MassLogger Started: 5/20/2022 3:05:41 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\k1f0Acf29eG3FzJ.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  k1f0Acf29eG3FzJ.exe
- Size
  
  908KB
- MD5
  
  4638aa710733a365c1265303da13c0b3
- SHA1
  
  31a9b61bd7301b93eef5fb117ae16dfe3f00bed3
- SHA256
  
  5caa7e9eb486ca9161d410e9fe1dc4074c3b0c66f8d6cd05ab5ae6dd35837c5a
- SHA512
  
  bfb9b61cc9c28e35307bafbf63e19379fcb307b02652decd4d08f89e8dc28cc56b1a50f95648760ea26167a51b57bc79ed40bc57432cf4d7cdc0bd174993bee3
Score

10^/10

masslogger collection ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2