masslogger

General

Target

374bb0dea8b49b183d0f9cfbce09206b58fad14eaf38663ecbcf6f3480d5b5db
Size

792KB
Sample

220521-a1hdkseahk
MD5

37d812eadbd07118a89d088ffae452ec
SHA1

359360f9e1042d66bfe881d8801d9fe10428028d
SHA256

374bb0dea8b49b183d0f9cfbce09206b58fad14eaf38663ecbcf6f3480d5b5db
SHA512

f00a5773a4622743a6b52c8bd8fa6644d04f6bcb8cce6ce2e83b0f5c0de226f53e72f0e2aba78b79e4c1c921983c8065a065ef18967917cf947a69411b0f4cfd

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

<|| v2.2.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:56:52 AM MassLogger Started: 5/21/2022 2:56:32 AM Interval: 4 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| USB Spread ||> Disabled <|| Bot Killer ||> Disabled <|| Window Searcher ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]

Extracted

Path

C:\Users\Admin\AppData\Local\F293CD6622\Log.txt

Family

masslogger

Ransom Note

<|| v2.2.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 10 Pro 64bit Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:56:51 AM MassLogger Started: 5/21/2022 2:56:45 AM Interval: 4 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| USB Spread ||> Disabled <|| Downloader ||> Disabled <|| Bot Killer ||> Disabled <|| Window Searcher ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Targets

- Target
  
  The Candidates List.exe
- Size
  
  951KB
- MD5
  
  a90e0776e6dd98ef7d2317fdc9f8c15d
- SHA1
  
  735e40fbfbf539209ab28ee50d1fd9871c12084e
- SHA256
  
  175dc1ef3ca07f65986afd11a9ee79ba66d92e8bb2ab11ae0fc2a8a06f630f78
- SHA512
  
  631308231536a65a33b596b316a1d6c79e06886ba8f69e0b6dbe36c0cf0f17567e51590df460eff4cb068e83604a1f16b22264fb0ec87a251acd7566640347a9
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

MassLogger Main Payload

MassLogger log file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2