masslogger

General

Target

4c69f7c893b04cdcde779cc8debd644802eb9495831b18abe8d3c94d02c5668b
Size

1.6MB
Sample

220520-q2zx1seec9
MD5

0f2b7ae67acb62f37102e881696895e7
SHA1

d5411019c664af4c386d13e99576534f0b0f9f7d
SHA256

4c69f7c893b04cdcde779cc8debd644802eb9495831b18abe8d3c94d02c5668b
SHA512

38594814f18480ba1fec624d5e26e56bf9b521f6848783b532d45f4233829298847c7ae9ef4e4edffadfd54c88ffa25c39344045b48af9c19b6c62bea3d2465c

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 4:25:59 PM MassLogger Started: 5/20/2022 4:25:38 PM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 4:25:27 PM MassLogger Started: 5/20/2022 4:25:19 PM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  INVOICE09090.exe
- Size
  
  2.0MB
- MD5
  
  014c0a6998bc074852e5a1cb8262e7a2
- SHA1
  
  bdc027bbb2bff2c8c1effbd2305154e6ec232eae
- SHA256
  
  2c7989e0df0c62a6c561a72a5605bfd55d4006b84878b05dd50d22ce16776d7a
- SHA512
  
  ac869275bf85429fe56f496866f27a25520c986790ac9d978ea5aa1f2dc81d365db9c9abc8961efce3fc326b70b3e3984900c2e4464171875ea9bba48310e3d5
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MassLogger Main Payload

MassLogger log file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2