masslogger

General

Target

f5c8d2b0933f02befa8a92275b61c84da733d637bb7746b2c4a96b21086480eb
Size

668KB
Sample

220521-a8yqjabeb6
MD5

ba98312759ee688ad6274139f8ca4774
SHA1

32604658a2e1656988a268a38bcc35ec32442683
SHA256

f5c8d2b0933f02befa8a92275b61c84da733d637bb7746b2c4a96b21086480eb
SHA512

b790d6faf4694a035ad9cc5b0d443dbc0d0989cd9952b4c2a1c7652153978777832b5db8254b6a71a15f3970b38af6ad6936bf971f19db34ed00f56759cf6854

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:18:38 AM MassLogger Started: 5/21/2022 3:18:13 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\PRQ 010474.exe MassLogger Melt: false MassLogger Exit after delivery: true As Administrator: True Processes:

Extracted

Credentials

Protocol: smtp
Host:
mail.mkontakt.az
Port:
587
Username:
[email protected]
Password:
Onyeoba111

Targets

- Target
  
  PRQ 010474.exe
- Size
  
  707KB
- MD5
  
  f7f798cefa93fa8f30af242b477b492d
- SHA1
  
  51255ed37b1c283d5680e2b2eedd8a6faee4a42e
- SHA256
  
  0ed172bf03053550d13affba533548544e35af09e7e01abd548648adf427e5c3
- SHA512
  
  9deaebc9c08f6855c5b3d878d27f0f79401af97ef15fcb1d4d6e4edcf20c51ba67c778463363b0fdeb9eec0aacdf257f8b4c17da9e8b7a12e9bea07d56be22b3
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2