masslogger

General

Target

621617fede3ceec20c51560f4c2aff347bf760a5182a3458d5f45f9d8c6acee3
Size

846KB
Sample

220520-rl5c8sfhh2
MD5

6fadcc5ec0b920a0fd9f57fd1992916e
SHA1

bb998712e1c618965fdd0f5f89f0019a3f0eb196
SHA256

621617fede3ceec20c51560f4c2aff347bf760a5182a3458d5f45f9d8c6acee3
SHA512

aa4a60249bd3521ec88e5e6ed7fdfe20099236ac4ee5b8cc1b8cbad24c3c4feb7c284af64807aa7505f7edc91a4d29e4285eeba3eeafb89ada1be9d64bd779e6

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 127.0.0.1 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 5:22:23 PM MassLogger Started: 5/20/2022 5:22:00 PM Interval: 1 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Maersk Ratesheet.Scan...exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 5:22:14 PM MassLogger Started: 5/20/2022 5:21:53 PM Interval: 1 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Maersk Ratesheet.Scan...exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  Maersk Ratesheet.Scan...exe
- Size
  
  1.2MB
- MD5
  
  74cff6e4840dd481d888d12f89629f4a
- SHA1
  
  4d8b01c1939faf241abdeef11e87a16c498bc2e2
- SHA256
  
  53b4179d18dc27443d5182752aaf6d78253ec7fc4eac192dcf6078884af51535
- SHA512
  
  9a3edd39d511c4098cc976d072a2d0b628aaff76be126f5b1143a8114cf56183aed64aacbca48b8ce5086a79f4b1acbc16144a2800e9b10a558604cdbc90adeb
Score

10^/10

masslogger ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MassLogger Main Payload

MassLogger log file

Checks computer location settings

Drops startup file

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2