masslogger

General

Target

49b64249d56b43b7e92112ebde5e20d9ae67cd88a2fa1d856eed251fc328cefb
Size

834KB
Sample

220520-p9k86acgf3
MD5

51b9fb543c228ac2d6c0d75a0d5d6500
SHA1

85315d930b2424b4a21dd437f7cc625dd599c86d
SHA256

49b64249d56b43b7e92112ebde5e20d9ae67cd88a2fa1d856eed251fc328cefb
SHA512

24a989d7488d11f2ce58b395891e3a4f69d75c1a6f41e2d967a87b05e103a09d9e60364b9a3737e9817646b67a50dde2a50fe821db95aa4e107d4faf3c8f133b

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 3:08:51 PM MassLogger Started: 5/20/2022 3:08:33 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\DESIGNS ARTWORK FOR ORDER.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> NA

Targets

- Target
  
  49b64249d56b43b7e92112ebde5e20d9ae67cd88a2fa1d856eed251fc328cefb
- Size
  
  834KB
- MD5
  
  51b9fb543c228ac2d6c0d75a0d5d6500
- SHA1
  
  85315d930b2424b4a21dd437f7cc625dd599c86d
- SHA256
  
  49b64249d56b43b7e92112ebde5e20d9ae67cd88a2fa1d856eed251fc328cefb
- SHA512
  
  24a989d7488d11f2ce58b395891e3a4f69d75c1a6f41e2d967a87b05e103a09d9e60364b9a3737e9817646b67a50dde2a50fe821db95aa4e107d4faf3c8f133b
Score

1^/10
behavioral1 behavioral2
- Target
  
  DESIGNS ARTWORK FOR ORDER.exe
- Size
  
  867KB
- MD5
  
  73b302dc6804f0099e0957150f7a5782
- SHA1
  
  c6cc6631668f0f8132651bd01dd4ca0303dd5fb1
- SHA256
  
  0b59a5ffd1da84a9bf88fc0c49d758fb8288f1e9564111ec5c4f8e0ffa91940d
- SHA512
  
  81f8751498372369f7dcdeb8a16a8d4a3460dfe64a59e1ec703a1f2a71e53d322ecd32b7a47039ee03f0628132b164806aef522a2ddd97013b41e2c32a3b61d3
Score

10^/10

masslogger agilenet collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4