masslogger

General

Target

d94dfc354237cd61bc9bc572132f85e54f3a8770b8fc24b909f23a8a546e8172
Size

3.1MB
Sample

220520-q22fvahebp
MD5

4ed9f8e62e8038547dc7e26e95990c28
SHA1

1f4ba5cad06af0228d17e0a11726c4421702e8b7
SHA256

d94dfc354237cd61bc9bc572132f85e54f3a8770b8fc24b909f23a8a546e8172
SHA512

44d67f72b21461ec026144bc4ea520fd35eb8f52a39ee148d8a9a1415776bfc39a8c848c3994b9232ab0e5908f6f06c5f9a32e4ff0be6166cb1ec06ab06cd743

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 4:40:19 PM MassLogger Started: 5/20/2022 4:39:58 PM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\F293CD6622\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 4:40:05 PM MassLogger Started: 5/20/2022 4:39:50 PM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  INVOICE09090.PIF
- Size
  
  2.0MB
- MD5
  
  014c0a6998bc074852e5a1cb8262e7a2
- SHA1
  
  bdc027bbb2bff2c8c1effbd2305154e6ec232eae
- SHA256
  
  2c7989e0df0c62a6c561a72a5605bfd55d4006b84878b05dd50d22ce16776d7a
- SHA512
  
  ac869275bf85429fe56f496866f27a25520c986790ac9d978ea5aa1f2dc81d365db9c9abc8961efce3fc326b70b3e3984900c2e4464171875ea9bba48310e3d5
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MassLogger Main Payload

MassLogger log file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2