masslogger

General

Target

487966ac27957cffaab676f739a0928f87a9dab944c275cad3550d3760b42ae2
Size

746KB
Sample

220521-a8f6gsbea3
MD5

1e57d49e066643e833ca5aa01c1afdf6
SHA1

bc55924b3584a7e34e955b9d710f465b4df00297
SHA256

487966ac27957cffaab676f739a0928f87a9dab944c275cad3550d3760b42ae2
SHA512

6a9ddf8a0c81e5c07789015d3512407be028371fdf0ef6547f7bf5cf1ea2a304c5d098842c0e7d5a8230257f26fb6629466aa7d8a7903177406a83ff1c743159

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:16:59 AM MassLogger Started: 5/21/2022 3:16:25 AM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe As Administrator: True

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\2EF8342664\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:17:12 AM MassLogger Started: 5/21/2022 3:16:52 AM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe As Administrator: True

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Dmacdavid

Targets

- Target
  
  Invio Estratto.exe
- Size
  
  843KB
- MD5
  
  41eeb21fde2e0191d466f6ac5f75b4b3
- SHA1
  
  56b7e0e9918c0d12bc21c255bdba57e8fe7ae18c
- SHA256
  
  0bf96baeec569010dc7acb82cd5f2bb7feacd9c5411dcd6d8fd53c9b316344ce
- SHA512
  
  acb80e610ba546ed844c79c584b65a73c2aa4510d937f1591274ff711d7737bda53c7c6f050d67499e0f872bddd7a8500f52b098240d80b4f0b78624031571d5
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

MassLogger log file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Maps connected drives based on registry

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2